SSL enabled form embed code on non-SSL parent page

  • Profile Image
    thomaszw
    Asked on February 24, 2016 at 07:54 AM

    Hello

    We have one of your forms on our website, see on the link below. Sometimes our clients are asking if this form is not secure because there is not https:// but only http://. What about that issue? Are the forms submitted with SSL or in a not secure form?

    Thank you and bet regards

    Thomas

  • Profile Image
    Charlie
    Answered on February 24, 2016 at 11:45 AM

    The form itself is loaded on HTTPS and it submits on SSL. I can say that the data on the form submitted in our end is secure. However, the page where the form is embedded, which is your website, is not secure, it can be used as the point to where a hack or unsecure action can be done. 

    To make sure that the form and the data will be secured, the only way is to use both HTTPS on the parent page (your website itself) and on your embed code (which is already SSL enabled).

    I see there are some articles and discussions about this when I searched the web, you can refer to the following links:

    http://www.tinywebgallery.com/blog/iframe-do-not-mix-http-and-https 

    http://stackoverflow.com/questions/17442623/ssl-page-iframed-in-non-ssl-page-is-form-submission-still-secure 

     

    I hope that helps.