If you're concerned with GDPR compliance, follow the steps outlined below in Force HTTPs to force the secured (https) version of your page(s) for all your visitors.
This feature is available for all Pro and 2017 plans.
Secure Domains and SSL
Nobody wants to have their info creeped on, especially your customers. Luckily, Secure Socket Layer (SSL) is a security technology that ensures all data passed between the web server and browser remains private and integral (i.e., SSL prevents lurkers from getting all up in your business).
When you sign up for one of our paid plans, SSL is automatically enabled on your custom domains. You can verify whether your landing page domains are SSL-enabled by heading over to your Domain Settings page and looking for the lock icon on the left. The "http" version of your domain will still be available after SSL has been enabled on your custom domain.
A similar icon appears throughout the app wherever your domain is visible.
DO NOT enable "force HTTPS" in Unbounce if you are already using Cloudflare to redirect to https on your domain. Doing so will cause all pages on the domain to render a 404 error page.
If you would like to force the secured (https) version of your page(s) for all your visitors, you can do so within the Domains screen by toggling the "Force 'https' for all domains" button on the top right.
SSL and Customer Experience
SSL-secured domains let people viewing a landing page know that they are visiting a domain where the data is coming from a known source. When your visitors see a green padlock and an HTTPS web address in the URL field, it's their visual cue that the landing page has enhanced security.
In short, it lets them know that both product and page can be trusted. Way more appealing to click on!
Without SSL, customers may also see scary mixed content warnings when arriving at your landing page from another SSL protected site. Although non-SSL landing pages are by no means “unsafe”, the automated warning messages that pop up might cause your customers to raise an eyebrow.
What You Can Do With SSL
Embed Third Party eCommerce Tools Directly onto your Unbounce Pages
With SSL, you can embed secure forms directly onto Unbounce pages. This is a great advantage for use cases like ecommerce. Embed an ecommerce form using your favourite ecommerce tool.
Make Your Pages Compatible With Facebook and Linkedin
With SSL in Unbounce, you can present your pages with third party applications such as Facebook and Linkedin Ads with the most efficiency. LinkedIn ads may let your page skip the moderation queue. Woo!
Before You Switch: SSL Checklist
With the release of SSL, Unbounce now serves both “http” and “https” landing pages (unsecured and secured) on all paid account. It’s entirely up to you which version you want to use for your campaign.
http://www.example.com and https://www.example.com will both direct visitors to the same page.
Https: Before You Switch
To display your pages securely at “https”, all that is required is that you force the https version within the Domain Settings page.
Before you switch, optimize your page for SSL by confirming that your page doesn’t include any unsecured content.
The easiest way to do this is to load up your page with https and then look at the various icons in the address bar.
Examples of unsecured content include:
- Lightboxes that pull content from unsecured sources
- Background images in any custom CSS hosted on http
(i.e.: <link rel="icon" type="image/png" href="http://example.com/myicon.png">)
- CSS tags linking to non secure scripts
(i.e.: <link href="http://example.com/styles.css" rel="stylesheet">)
- iFrames embedded using a custom HTML widget sourcing a non secure URL
(i.e.: <iframe src=”http://example.com/iframe.html”>)
We strongly recommend testing out your page on https before switching. You can do this by replacing http with https in the URL for the page your want to review.
NOTE: If you have unsecured content, your page visitors will get a mixed content warning, not only will your page not work as intended, it may negatively affect conversion rates.
If your page DOES include non-secure content:
Replace all embedded and referenced URLs with https://. This is the best solution if you intend to ALWAYS use the secure version of your landing page in your campaigns. This involves replacing all embedded and referenced URLs with https:// instead of “http://
If (and only if!) your host provides a http and https version of your page, one workaround is to change the path from a non-secure URL to a "protocol-less URL"
http://example.com/asset.ext would become //example.com/asset.ext
You Can Always Go Back
Got a mixed content warning? Don’t panic. Simply return to the source of your traffic (e.g. AdWords, email, or social) and switch your URL back to “http”. Be sure to switch off the Force HTTPS setting in your Domains screen as well.