If I embed an SSL secure jotform into my http website, is it still secure?

  • Profile Image
    Asked on January 14, 2015 at 06:11 PM


    I want to embed a secure, https jotform for donations into my website that will be powered by squarespace. I have created a test at http://www.yumadc.org/meftest

    Can you confirm that if the security seal appears, then form is in fact secure, even if the https and green lock symbol are not appearing in the url because it is embedded into a non secure site?

    When I embed the form (link: https://secure.jotform.us/form/50065377831153) into my site that is not http is it still secure?

    Ideally, I want my user to see the green lock symbol when they are on my site, filling out the secure embedded form. Is this possible? 

    Please advise!


  • Profile Image
    Answered on January 14, 2015 at 07:21 PM

    If you embed a secure form in a non-secure website. You'll have half of security which means that the information entered in your form would be secured, but the information from your site will not be secured.

    In this scenario, I suggest that instead of embedding the form you provide a link to it using the secure URL: https://secure.jotform.us/form/50065377831153 This way your visitors will see the green lock when they want to donate.

    Or add an SSL certificate to your domain and this way you can embed your form using the secure version and you can use HTTPS protocol for both your website and your form.

    Hope this answers your question.

    Let us know if you need further assistance.
    Thank you.

  • Profile Image
    Answered on July 15, 2016 at 06:08 PM

    So if I embed a jotform into Squarespace which does not have SSL, a credit card payment through the form TO the website would be secure, but a man-in-middle-attack could send fake into back to my visitors asking for information? 

  • Profile Image
    Answered on July 15, 2016 at 09:44 PM

    If you embed an SSL form (this is our standard option at this time) it will be secured, the from will be protected from potential manipulations and decryption. It will work even if you embed it to the Non-SSL web page.

  • Profile Image
    Answered on July 18, 2016 at 04:14 PM

    So is there any reason to avoid embedding secure jotforms for taking payments/donations into non-SSL pages?

  • Profile Image
    Answered on July 18, 2016 at 05:40 PM

    Your web page will not show a secure pad lock, so it might be not clear to some users that the form is actually secure. Other than that the form should be fine. Note, that recommended embedding methods are iFrame and Embed codes, in theory the source code method might be less secure.