Form is not secure because a picture is served from HTTP

  • Profile Image
    Asked on December 15, 2016 at 10:33 AM


    I was under the impression that all of the Jotform forms were secure, and we are asking people to submit sensitive information. Has this changed? Now I see that when I try to fill out our form, it clearly says "Your connection to this site is not fully secure" in the upper left corner of the URL on my browser.

    The form I am referring to is this:

    Please let me know if there is something that I should be doing to make our forms secure. We are getting complaints from the participants.

    Thank you.

  • Profile Image
    Answered on December 15, 2016 at 11:12 AM

    Upon inspection of the form, we are happy to inform you that the problem is in fact quite simple and has no major security implications. The reason why the browser indicates that the form is not secure is simply because the background picture is being served from a HTTP link instead of HTTPS.


    To correct that, I created an animation to show you how to use the HTTPS link for your picture, which is



    In order to always keep your form secure, please make sure that the URLs you use for pictures start with "https://" and not "http://". Everything we provide in the form is already using HTTPS, always.


    Please let us know if you need further assistance.

  • Profile Image
    Answered on December 15, 2016 at 01:57 PM


    Seems like your commend did not reach this thread, please reply opening this thread in a web browser so it is posted here: 

    However, I found it on our email logs, here is what you replied: 

    "Answered by SunbridgeInstitute

    Thank you for the clear instructions. Did something change recently to cause this? I remember previously seeing the lock, yet I have not changed the image since we began with Jotform.

    Thanks again..."

    Regarding to the notice you were facing, do note that this is not a change implemented on JotForm, it is for security in general that this notice appears, this was because the JotForm form link is secure, but you had some sources that were not loaded from secure links (HTTP), as explained by my colleague Aidan above. Also, may be that you uploaded the file to our servers before the security was  implemented in all of our features, then the link was still from as non-secure, so simply updating it should re-upload the file to a  link with HTTPS and avoid this. 

    Here's also a link where it is explained in a bit more of details this: 

    If you have any question, please  let us know.