- photo312Asked on June 30, 2016 at 02:41 AM
I have a question about implementing Stripe into the forms.
Do I need to use "https" on my page when I include this form?
- JotForm SupportEltonCrisAnswered on June 30, 2016 at 03:44 AM
Technically, you don't have to for as long as you have embedded the form using its secure iframe embed code (https). However, if security is your most concern, you need to use HTTPS on the page where you have embedded your form. One main reason is to prevent iframe injection and other sort of iframe busting that would expose the user's data. Another reason is that this would give visibility to the users that the page they're submitting the form is secure.
For non-techy users, what they see is that they get. If you are going to embed HTTPS on HTTP page, user cannot trivially see the URL of the form where it points to. This would give them the impression that everything on the page including the embedded form runs over on HTTP.
Hope this information helps!