Monday, February 19, 2007

Tips & Tricks: avoid security warnings

Does your store use SSL? Probably so. If the answer is "yes", then here is something that you should really try to avoid: security warnings. I see them way, way too often. And they are quite easy to avoid.

What's a security warning? It's an alert window shown to your customers whenever the browser detects that something on the page is not secure, but the URL is a secure one (https). I'm sure you've seen a security warning many times. It looks like this:



It bugs you (and maybe scares you) when you see it... and it bugs your customers too.

How can you make sure your store is free of security warnings? It's actually rather simple. You need to ensure that your Web site does not load any element over the HTTP protocol. If you are loading a page element (e.g. images, CSS and JavaScript files) using an absolute location (i.e. a full URL), you must use the HTTPS protocol. For example, there should be no src="http://..." on your page, but rather only src="https://...".

Where to look? Here are the common culprits:
  • Google Analytics (or another, remotely hosted Web statistics service)
    Make sure that the code snippet that you grab from your Google Analytics account is the HTTPS version, and not the HTTP one. I've seen a lot of store owners make this mistake, because Google by default gives you the HTTP version. The same is true if you are using a service other than Google Analytics. They pretty much always allow you to obtain a secure version of the piece of code to be placed on your page.

  • Google AdWords or Yahoo! Search Marketing conversion tracking
    Same thing here. Make sure you get the HTTPS version of your Pay-Per-Click conversion tracking code. Typically this code ends up on the last page of the checkout process, so the bugging security alert won't prevent customers from ordering (they've already placed the order). Still, it just doesn't look good :-)

  • CSS and JS files
    If you are loading an external stylesheet or a JavaScript file, which happens pretty often, make sure that the URL that points to the file uses HTTPS. If you use relative links, you're never wrong (i.e. place those files in a folder on your Web server so that you can just point to them using a link such as href="styles/myStyle.css" instead of href="http://www.anotherWebSite.com/styles/myStyle.css").

  • Flash elements
    If you have any Adobe (Macromedia) Flash elements on your page, make sure that the code that is added to the page by Dreamweaver or another HTML editor to handle the Flash file does not contain HTTP URLs. It often does.

So check your site (or have your Web designer double-check his/her work). Remove those security warnings: no reason to give your customers one more reason not to stay on your Web store!
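
One way to run this check on a saved copy of a page, as an added example (not code from the original post): a Python script that parses the HTML and lists every element loaded over http://, while ignoring ordinary links that customers merely click on. The tag/attribute table, the sample page and its example.com host names are constructed for illustration, and only stylesheet `<link>` tags are treated as loaded elements.

```python
from html.parser import HTMLParser

# Tag/attribute pairs that make the browser fetch something while rendering.
# A plain <a href> is navigation, not a page element, so it is not listed.
LOADING_ATTRS = {
    "img": ("src",), "script": ("src",), "iframe": ("src",),
    "embed": ("src",), "object": ("data", "codebase"), "link": ("href",),
}

# Constructed sample page; the example.com host names are placeholders.
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="styles/myStyle.css">
<link rel="stylesheet" href="http://www.anotherWebSite.com/styles/myStyle.css">
<script src="https://stats.example.com/tracker.js"></script>
</head><body>
<a href="http://www.example.com/">partner site</a>
<img src="http://images.example.com/logo.gif">
<embed src="http://media.example.com/banner.swf">
</body></html>"""


class InsecureElementFinder(HTMLParser):
    """Collects (line, tag, attribute, url) for elements loaded over http://."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        # Assumption: only stylesheet <link> tags count as loaded elements.
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return
        for name in LOADING_ATTRS.get(tag, ()):
            url = (attrs.get(name) or "").strip()
            if url.lower().startswith("http://"):
                self.findings.append((self.getpos()[0], tag, name, url))


def find_insecure_elements(html):
    finder = InsecureElementFinder()
    finder.feed(html)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for line, tag, attr, url in find_insecure_elements(SAMPLE_PAGE):
        print(f"line {line}: <{tag} {attr}> loads {url}")
```

Run it against the HTML of each page that is served over HTTPS (checkout pages in particular); an empty result means none of the listed element types is being loaded over HTTP.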

1 comment:

Anonymous said...

Massimo:

Great blog and congrats on improving your presence in the industry. I am not successful with PC just yet, but soon I should have the wrinkles ironed out.

W
Cleveland, OH