Does my website need to be secure in order to embed, not link, a secure form?

  • nishwilk
    Asked on September 30, 2015 at 2:09 PM

    I'm getting mixed signals one whether or not my website has to be secure in order to put a secure form on it.

    I interpreted the screen capture on the left to say that I don't need a secure website and the screen capture in the middle to say I do need a secure website. so I am confused.

    I'm creating a donation website using Adobe Muse and the client does not want to pay for a secure website (if they don't have to), but DOES want a secure form. Is this possible or will they have to make their website secure?

    If it is possible, when a user donates, will they get a notice saying the website is not entirely secure like the note says in the small screen capture says on the right? I feel like this would prevent them from making their donation and I don't want that to happen.

    I would like the form to be on my website versus a link that takes them somewhere else. I read further down in the thread of the screen capture on the left that by using an iframe, this would make the form secure. Is that correct?

    Here is the thread I'm referencing in the screen capture on the left:

    http://www.jotform.com/answers/493502-Can-we-use-a-secure-SSL-form-on-a-regular-HTTP-website

    thread in the middle:

    https://www.jotform.com/answers/523379-SSL-lock-icon-not-showing-on-WordPress-website-the-secure-form-is-embedded-at

    These examples in the threads seem to be for blog site, so maybe its different for someone making their own site?

     

    Please let me know! Thank you. 

    Jotform Thread 673880 Screenshot
  • Welvin Support Team Lead
    Replied on September 30, 2015 at 4:12 PM

    Getting an SSL certificate for the website or getting the website secured is not required if you would like to collect a payment in the form. What is required is that you would need to embed your form and enable SSL to it, especially if you are accepting credit card payment in the form. Credit card payments such as Paypal Pro, Stripe and Authorize.net.

    Here's how to setup SSL in your form: http://www.jotform.com/help/63-How-can-I-receive-SSL-Submissions.

    Embedding the form using our iframe method won't make the form a secure one, not until you will check "Secure" box in the form embed wizard to enable SSL.

    Just a note that we are releasing a new "embed" layout so if the screenshot in the guide is not what you see there, just please look at the URL. If your form starts with https://secure or https://www then that means your form is secured. If it starts with http://form or http://www then that means you are using the regular form. 

    Thank you and I hope that helps.

  • nishwilk
    Replied on September 30, 2015 at 6:00 PM

    So I do NOT need my website to be secure to put a secure form on it? You said, "getting the website secured is not required if you would like to collect a payment in the form". That is not what I asked, so I just want to make sure I understand you.

    If I understand correctly, I can make my form secure by checking the "secure" box and then embed it on my NON-secure, regular http website. Is that correct?

    I will be using Standard Paypal so it re-directs the donor to PayPal’s website,. The donors are not putting their credit card information on my form or site. My client wants the information, for example, the full name and address, on the form to be secure. That is what they are concerned about and why I'm asking these questions.

    After I have checked the "secure" box, does it make a difference which way I embed my form? Is using an iframe better than just copying and pasting the embedded javascript code? I'm curious because I read that a direct link or an iframe were the safest ways possible. 

     

    Does my website need to be secure in order to embed, not link, a secure form? Image 1 Screenshot 20

  • Elton Support Team Lead
    Replied on October 1, 2015 at 3:16 AM

    If I understand correctly, I can make my form secure by checking the "secure" box and then embed it on my NON-secure, regular http website. Is that correct?

    Yes that's correct. This means that only the embedded form is secure and none other else. So when the form is submitted, it will be transmitted securely to the Jotform server. However, the downfall though is that your web browser will not show a secure lock icon in the address bar since the secure content is only the form inside an iframe, so your form users may shy away in fear that the form may be insecure even though it is secure. In short, there's no secure indication that's visible to the users. It is up to your discretion if you want to make your site secure like on the following image (which you can discuss with your domain provider) or not.

    Does my website need to be secure in order to embed, not link, a secure form? Image 1 Screenshot 20

    Using Paypal Standard is a good choice if your site does not support SSL since Paypal will handle everything after the form submission and the fact that Paypal domain with SSL encryption is visible on the address bar, users may feel secure.

    You can use both iframe embed or script embed. They're similar anyway except the fact that script embed creates an iframed form once executed on the browser. If anything goes wrong with script embed like script conflicts on your website, I suggest to use iframe. This should not conflict with anything on your page.

    Hope this clears your questions.