How to Start Serving up Your Pages Securely with SSL


#1

Security-conscious visitors to your landing pages are a fact of life.

These are the folks who will double check your page for a secure connection before they’ll hand over any personal information in a contact form.

No secure connection? They be like:

nopegif

The visual cues they’re looking for include the the little green lock icon that appears in the address bar, and the HTTPS web address, like this:

Close to half of people search for these visual clues on web pages because they need to know that you, and your offer, are legitimate before they’ll convert.

Why so worried? Well, recent surveys indicate that77% of website visitors are concerned that their personal data could be intercepted or misused online, so marketers like you need to do everything you can to ensure your pages appear professional and trustworthy. Otherwise, you could be leaving money on the table.

Fortunately, in June, SSL (Secure Sockets Layer) was made available to you and this provides the credibility you need to ease this type of anxiety. As part of the rollout of SSL, you had the option to serve up pages using either HTTP or HTTPS (which meant that nothing would break on your pages if you happened to have insecure elements on them).

But what does this mean for you now?

While it remains an option to keep serving up your pages via HTTP, you need to choose whether you want to make the swap to secure, SSL enabled pages with HTTPS.

It’s fine to keep groovin’ on along with HTTP if you have a specific reason to (like a video or piece of custom javascript on your current page that can’t be supported on a secure page), but going forward you should choose to serve up pages using either one or the other (secure or insecure). Whichever you choose, it just needs to be consistent.

That said, if you’re collecting any kind of lead information with your pages, you should switch to HTTPS as it assures visitors that their contact info is going direct to you and is not intercepted enroute.

SSL is a great way to address visitor anxiety and can boost credibility and conversions because it implements visual security indicators on your page to assure visitors you’re legitimate. It can also help you implement cool stuff like custom Facebook tabs, and it’s especially important if you’re in an industry where your visitors will expect that security is on your radar; industries like medical, finance, and security-based solutions, for example.

So you wanna make the swap?

If you want to start serving up pages securely, that’s terrific! But Ð before you switch Ð you need to check for examples of insecure content on your existing pages. All the content on an HTTPS page has to be secure to be served up this way. If you have added custom Javascript to your pages, or have made extra customizations in general, here’s a list of what to watch out for before you swap to HTTPS:

  • Lightboxes that pull content like images from unsecured HTTP sources
  • Background images in any custom CSS hosted on HTTP (i.e. ‘background:url(http://example.com/backgroundimage.jpg)’
  • Favicons added to your page using custom Javascript or Script Manager (i.e.: " rel=“nofollow”>http://example.com/myicon.png">)
  • CSS tags linking to non secure scripts
  • iFrames embedded using a custom HTML widget sourcing a non secure UR (i.e.:
  • Javascript tags referencing non secure scripts. These may be included as custom JavaScript in the page itself, or as scripts in the Script Manager
    (i.e. ” rel=“nofollow” title=“Link: http://example.com/script.jsÓ>”>http://example.com/script.jsÓ>)

Oh, and your privacy policies…

A privacy policy is needed on your landing page if you’re running Google AdWords to direct traffic to your page. The policy page you link to either lives on Unbounce, or you could be using tools like Iubanda to host it. It looks something like this:

Your privacy policy (like any link on your page) has to be served up the same way you serve up the landing page it’s associated with. That is Ð if your landing page that links out the privacy policy is served up via HTTPS, your privacy policy needs to be secure too. Otherwise, your visitors will get a mixed content warning, or they won’t be able to see the privacy policy when they click through to it.

Making the Swap to Secure Pages

After you’ve confirmed all the elements on your page are secure, you can go ahead and change over to HTTPS. All you have to do to serve up secure pages is change the links directing to your page so that the begin with HTTPS.

Go ahead and change links to https://www.yourlandingpage.com in your:

  • Facebook ads

  • Google AdWords campaigns

  • Emails

  • Social posts

  • Wherever else you direct folks to your pages

And try to be thorough…

If your email campaign references an old HTTP link and you just swapped all of your landing page elements over to be served securely via HTTPS, your visitors will get a mixed content warning, or the parts of your page that are being served securely now simply won’t show up. So do your best to address all the links directing to your page when you swap over!

Remember, you can only choose one method of serving up your pages even though both are available to you now.

So make the official swap over to SSL if you want to play in the secure space and boost the credibility factor on your pages. We’ll continue to post updates about how SSL can benefit your campaigns, and we welcome your feedback below!


#2

I love this addition.  Since we have a number of Unbounce pages, and a wide variety of outside links linking to them, how can we setup Unbounce to automatically serve the HTTPs version of the pages… without having to update all those outside links?

Thank you!


#3

Great to hear, Robb! Thanks for letting us know. Although I’m really happy to hear you’ve got a number of Unbounce pages on the go, you can’t automatically serve up the HTTPs version to the outside links. You’ll need to update the links that point to your Unbounce pages - for Adwords, for example - if the destination URL is http://promo.example.com, you’ll need to change it to https://promo.example.com. No changes in the Page Builder though, so that’s good. I’d recommend checking out this “before you swap” checklist to ensure a seamless swap.


#4

Thanks for the quick reply!

It would be nice to have a setting added to Unbounce to automatically redirect visitors to the https version.

For example, try visiting http://www.google.com and you will automatically be redirected to the https version.

This matters for Unbounce because your customers, me included, often publish landing page URLs in offline media (print publications, outdoor advertisements, radio, etc.)  In those offline marketing channels, there’s no way to ensure that landing page visitors all visit the secure Unbounce page. For example, if I run a radio ad that tells listeners to visit MyUnbounceDomain.com - I can’t really tell them to type in “https://” on the radio, and the audience wouldn’t do it anyway.  Instead they’ll just type in the web address, and thus get the non-secured page.


#5

Update, Will Christiansen’s comment on this post seems to accomplish what I’m looking for:  https://community.unbounce.com/unbounce/topics/new-feature-ssl-is-here


#6

Hey Robb, thanks for the update Ð I’m glad Will’s workaround helps!

I totally know where you’re coming from with the automatic redirect though Ð it’d likely come in handy for sure when promoting pages offline. That said, I’d encourage you to submit a community post as a feature request (or, in this case, feature adjustment). As you mentioned, it matters for Unbounce customers, and if those in the community upvote your idea, it can pick up some momentum and maybe get taken on in development (we always look to what our customers are requesting for product roadmap updates). A lot of features come about this way, so it’s great we hear from you!


#7

Thanks Jen!

Idea posted here: https://community.unbounce.com/unbounce/topics/add-setting-to-make-unbounce-pages-automatically-load…


#8

Hello,

We plan to start an unbounce landing page on a subdomain (for ex.: landing.kbcequitas.hu). We have an SSL certificate on our main site. Shoud the subdomain work in https mode with it?


#9

Hi there! All subdomains with unbounce are automatically enabled with SSL. Have a look here.

:slight_smile: