Versions Compared

Old Version 1

changes.mady.by.user Daniel Renshaw

Saved on

compared with

New Version Current

changes.mady.by.user Jason O'Malley

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

http:// on Chrome & Firefox

If you are running on Straightsell template version 11B or earlier you may have noticed the following warnings in Chrome and Firefox:

Google Chrome:

Image Removed

Mozilla Firefox:

Image Removed

This is due to recent changes Google and Mozilla have made to their internet browser security messaging, more information can be found below:

Google Chrome:

Table of Contents

Recently you or your customers may have noticed an increase in “not secure” messages being displayed on parts of your Straightsell website. This article aims to help you understand what these messages are, why these messages are being displayed and what Straightsell are doing about them.

What do HTTP and HTTPS mean?

HTTP is the protocol used to transfer a websites data from one computer (the web server) to another (your web browser) over the Internet.

HTTPS is a secure or encrypted version of this protocol; Where the transfer of website data from one computer (the web server) to another (your web browser) over the Internet, is secure or encrypted and private. In order for a website’s data to be available via HTTPS, something called an “SSL certificate” which is provided by a 3rd party company called a Certificate Authority, needs to be purchased and installed on your web server. This certificate is used as a form of ID, for you to check and prove the website you are visiting is the real website you were expecting to visit, and not a fake one set up by hackers.

Why do parts of my website display as not secure?

Your website’s security has not changed recently, but the messages about security displayed in your web browser has. Specifically, Google Chrome is reporting “not secure” messages on any non-HTTPS page, whilst Mozilla Firefox reports the message on a HTTP page where a “password” field exists. This may be your home page if you have a login bar, a separate login page or your registration page.

Additionally, this message will be displayed on all HTTP pages where Credit Card information is entered, although this is not relevant as your Straightsell website Credit Card entry page is already served via HTTPS, and is secure, encrypted and private.

This “not secure” messaging varies across both browsers, see the following links and screenshots for more information:

Google Chrome

Image Added

Mozilla Firefox®:

...

Please note that wherever Credit Card information is entered on your website we are https:// compliant, so importantly this message does not apply here.

Unfortunately It is not possible for us to provide site-wide https:// (https:// compliance across all pages of your website) at the moment. We can however make specific pages on your website https:// compliant if you would like us to do so.

Modifying your Straightsell Templates

Our most recent Straightsell Template (11C) has updated all website pages that contain Username and Password entry to https://

In addition to securing the password entry pages specified below, performing this work means that when browsing  non-https:// pages of your website pages will NOT appear as “Not secure” in the address bar of the browser.

Below you can see how our latest templates differs from what can be seen in the screenshots above:

Google Chrome:

Image Removed

Image Removed

Mozilla Firefox:

Image Removed

Image Removed

We aim to become fully https:// compliant within the next 12 months.

If you would like more information on this process please get in touch with us at support@straightsell.com.au and we will get back to you as soon as we can.

...

hiddentrue

...

Image Added

Why is this message being displayed?

This browser messaging is becoming more pronounced because Google and Mozilla, the creators of the Chrome and Firefox browsers respectively, are pushing for more websites to be secure, encrypted and private and thus make the web a safer place. This is a great thing for users, but is not without challenges for website developers and hosting providers, particularly those that host eCommerce websites such as Straightsell.

What is Straightsell doing about this?

We are aware of these changes and are now able to offer full site HTTPS, which will serve every page of your website securely with encryption.

If you would like more information on having full site HTTPS put in place on your current website, please log a service request in the Straightsell Help Centre and we will be in touch.