SSL

Robert Carangelo III shared this question 5 years ago
Answered

Is it possible to have the quote page be https (SSL)? Customers would be entering cc info into the form and would feel better seeing that green lock (at least for Chrome) that tells them their data is safe, but by linking to the http quote page, how will customers know their cc information is safe and secure?


Thanks!

Best Answer
photo

The contract page is where they pay, and it is always SSL.

Comments (5)

photo
1

The contract page is where they pay, and it is always SSL.

photo
1

In Internet Explorer, the form is not shown on my https page because it is not "secure content." Making a user click on allowing it to show indicates it is insecure content, and then I ask them to put in CC info into what they think is an insecure form. Having the quote page be a secure page would remedy this. The other possibility is that instead of embedding the quote page I could put the form directly into the html. Is that a possibility?

photo
1

We force https when loading a contract (https://www.inflatableoffice.com/quotes/contract.php), which is where you put your credit card information. There can be occasions where some insecure content is loaded, like an image that is referenced by http instead of https that can cause browsers to give security messages. This doesn't mean that the credit card data is insecure.


Our default page that you use for your company doesn't reference any insecure items. Likewise, when we setup custom pages and content for our customers, we load all their images on our server so they can be secure (most do not have an ssl certificate).


I'm not sure what you are looking at that is causing doubt. I've checked your account, and everything is secure. If however you are looking at the quote request or quote confirm page, we don't always load those in ssl due to the fact that the information being transferred on those pages does not require high security. Maybe you are looking at the correct page but misunderstanding the browsers warning? If you sent a screen shot, I may be able to look into what your browser is saying.

photo
1

Please find attached the screenshot requested. One is from Chrome and one is from IE. Note in IE the quote page doesn't show up because the page is https but the embedded quote page isn't, so it leads the user to click on showing insecure content, so then later when they are asked for CC info, they may be reminded that they had to click to make it appear because it wasn't secure content, and they may PERCEIVE it to be insecure.

photo
1

Your iframe code should be https instead of http if you are loading everything on https. That should correct the browser error.


Do you know that your site doesn't load under http? Google search bcbounceparties.com. Notice when you click on the link, you get a 403 forbidden error. That will turn more customers away than anything else. Additionally, anyone that types in your web address will get this error since most people don't type https and browsers default to http.


You should enable non SSL (http) since you only need https when you are transferring sensitive data. Plus, you will then not have this issue.