What is JotForm?
JotForm is a free online form builder which helps you create online forms without writing a single line of code. No sign-up required.

At JotForm, we want to make sure that you’re getting the online form builder help that you need. Our friendly customer support team is available 24/7.

We believe that if one user has a question, there could be more users who may have the same question. This is why many of our support forum threads are public and available to be searched and viewed. If you’d like help immediately, feel free to search for a similar question, or submit your question or concern.


  • Profile Image

    If I embed an SSL secure jotform into my http website, is it still secure?

    Asked by midtownmetro on January 14, 2015 at 06:11 PM

    Hello!

    I want to embed a secure, https jotform for donations into my website that will be powered by squarespace. I have created a test at http://www.yumadc.org/meftest

    Can you confirm that if the security seal appears, then form is in fact secure, even if the https and green lock symbol are not appearing in the url because it is embedded into a non secure site?

    When I embed the form (link: https://secure.jotform.us/form/50065377831153) into my site that is not http is it still secure?

    Ideally, I want my user to see the green lock symbol when they are on my site, filling out the secure embedded form. Is this possible? 

    Please advise!

    Chelsea

    Page URL:
    http://www.yumadc.org/meftest

    non secure ssl form secure form
  • Profile Image

    Answered by raul on January 14, 2015 at 07:21 PM

    If you embed a secure form in a non-secure website. You'll have half of security which means that the information entered in your form would be secured, but the information from your site will not be secured.

    In this scenario, I suggest that instead of embedding the form you provide a link to it using the secure URL: https://secure.jotform.us/form/50065377831153 This way your visitors will see the green lock when they want to donate.

    Or add an SSL certificate to your domain and this way you can embed your form using the secure version and you can use HTTPS protocol for both your website and your form.

    Hope this answers your question.

    Let us know if you need further assistance.
    Thank you.

  • Profile Image

    Answered by affinityseattle on July 15, 2016 at 06:08 PM

    So if I embed a jotform into Squarespace which does not have SSL, a credit card payment through the form TO the website would be secure, but a man-in-middle-attack could send fake into back to my visitors asking for information? 

  • Profile Image
    JotForm Support

    Answered by Mike on July 15, 2016 at 09:44 PM

    If you embed an SSL form (this is our standard option at this time) it will be secured, the from will be protected from potential manipulations and decryption. It will work even if you embed it to the Non-SSL web page.

  • Profile Image

    Answered by midtownmetro on July 18, 2016 at 04:14 PM

    So is there any reason to avoid embedding secure jotforms for taking payments/donations into non-SSL pages?

  • Profile Image
    JotForm Support

    Answered by Mike on July 18, 2016 at 05:40 PM

    Your web page will not show a secure pad lock, so it might be not clear to some users that the form is actually secure. Other than that the form should be fine. Note, that recommended embedding methods are iFrame and Embed codes, in theory the source code method might be less secure.