Important Information Regarding the Use of iFrame Forms

Last Updated: Jan 24, 2017 02:26PM EST
Every Click & Pledge payment form, whether it uses a standalone URL or is embedded into your website using an iframe code, is secured with the HTTPS protocol. We have always recommended as a best practice to place any iframed payment form on an HTTPS webpage. Without the visual HTTPS on the webpage, some patrons many believe that their personal or credit card data is vulnerable. Again, all Click & Pledge iframe code is secure, but we have seen patrons distrust payment forms that are on webpages that are HTTP only.

But beginning in January 2017, the latest Google Chrome browser update will begin to mark webpages as Not Secure, if:
  1. Your website's domain is not secured (HTTPS), and
  2. One of your webpages contains password or credit card input fields. 

As stated before every Click & Pledge donation form, whether it uses a standalone URL or is embedded into your website using an iframe code, is secured with the HTTPS protocol. However, secured iframe forms placed in top-level pages that use the HTTP protocol, will still be marked as Not Secure.
 

What do I need to know?

 
  1. If all your forms are standalone webpages created through our Connect dashboard, you don't need to do anything. Each one of the Connect standalone forms uses a secure (HTTPS) domain.
  2. If one of your forms is embedded into your website using an iframe code, you will need to ensure every single iframe form is embedded on a secure (HTTPS) webpage.


I have embedded an iframe form into an unsecure (HTTP) webpage. What do I need to do?



Google's developers have provided directions to securing your website domain and iframed donation forms.
 
  1. You must ensure that all forms containing password inputs, and any credit card field inputs, are present only on a secure domain.
  2. "If your site overlays an HTTPS login frame over HTTP pages, you will need to change the site to either use HTTPS for the entire site (ideal) or redirect the browser window to an HTTPS page containing the login form."

In the future, Chrome will show a Not Secure warning for all HTTP pages, regardless of whether it has credit card or password input fields. Therefore, it's in your best interest to convert all your website pages to a secure (HTTPS) domain as soon as possible.
 


I have embedded all my iframe forms into secure (HTTPS) webpages. What do I need to do?

 
  1. Verify that every iframed Click & Pledge form is, in fact, using a secure (HTTPS) protocol.
  2. If one of your forms does not use a secure (HTTPS) domain, please complete the steps listed above to secure your website and its donation forms.
  3. If you can confirm that all your forms use a secure (HTTPS) domain, then you don't need to do anything else.
 
Please contact your system administrator, IT manager, or Web developer to secure your website and donation forms. While we can't change your domain security for you, our Support team is happy to answer any other questions you might have about our donation forms' security.
 
support@clickandpledge.biz
http://assets1.desk.com/
false
clickandpledge
Loading
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
about
false
Invalid characters found
/customer/en/portal/articles/autocomplete