Do I need an SSL certificate on my website when embedding a form?

  • greg99
    Asked on November 2, 2017 at 5:52 PM

    I'm currently using a simple jotform template. The extent of personal info. gathered from clients is the following. Do I need an extra SSL certificate for my website or does Jotform include the extra layer of security in the form?

    Name:

    Dates requested: 

    Phone #:

    Also, I'm looking at adding a payment option such as Paypal but does Jotform also include the extra security in this case? 

    Best,

    Greg

  • Support_Management Jotform Support
    Replied on November 2, 2017 at 7:48 PM

    Hello Greg - If you will use the form as is, using its standalone version, then ALL forms you build with us already uses SSL. As an example, here are all the 3 forms you built so far and you can tell from the links that they sit on an https page:

    https://www.jotform.com/40856747101454

    https://www.jotform.com/73057143670454

    https://www.jotform.com/73057178170457

    But if you plan to embed it on a page on your website that doesn't have an SSL certificate, it would still work but it won't be using a secured connection. So, my recommendations are:

    1. Either use the standalone form URL as opposed to embedding it. You can just add a link on your website that points to the form URL.

    Related guide: Where-to-Find-My-Form-URL

    2. Or, get an SSL certificate for your website. This is way preferable since an SSL site is more trusted and secured than non-https site. This holds true whether you will use JotForm or not.

    Also, I'm looking at adding a payment option such as Paypal but does Jotform also include the extra security in this case?

    Regardless if you have a payment field added on your form or not, your forms and submission data are totally secured. They are transmitted securely with a 256 bit high-grade encryption, which means that data is encrypted during the transmission and cannot be interrupted by anyone else. As mentioned earlier, we have an SSL certificate that uses SHA256 with RSA encryption which you can test here if necessary.

    Related article: All-Forms-are-Now-Secured-by-Default