Securing your Domains with SSL
Everyone is looking to keep their information more secure. Luckily, Secure Socket Layer (SSL) is a security technology that ensures all data passed between the web server and the browser remains private and integral (i.e., SSL prevents lurkers from getting all up in your business).
Enabling SSL is available on almost all Unbounce plans. Rest assured, the HTTP version of your domain will still be available after SSL has been enabled on your custom domain.
You can verify whether your landing page domains are SSL-enabled by heading over to your Domains tab and looking for the lock icon on the left of your custom domain:
A similar icon appears throughout the app wherever your domain is visible. Here is an example of the domain and URL within the Page Overview:
If you would like to ensure the secured (HTTPS) version of your pages render for all your visitors, follow these steps:
- Head over to the Domains tab on the left-hand side of the Unbounce App.
- Toggle the Force 'https' on all non-WordPress domains button on the top-right.
- You're all set! Given the SSL a few moments to propagate, and your pages should load as SSL-secure.
If you have some trouble seeing these changes right away, refresh your browser cache & history, and test your page in an incognito window.
SSL and Customer Experience
SSL-secured domains let people viewing a landing page know that they are visiting a domain where the data is coming from a known source. When your visitors see a green padlock and an HTTPS web address in the URL field, it's their visual cue that the landing page has enhanced security.
Without SSL, customers may also see scary mixed content warnings when arriving at your landing page from another SSL-protected site.
Although non-SSL landing pages are by no means “unsafe,” the automated warning messages that pop up might cause your page visitors to worry.
What You Can Do With SSL
Embed Third Party eCommerce Tools Directly onto your Unbounce Pages
With SSL, you can embed secure forms directly onto Unbounce pages. This is a great advantage for use cases like e-commerce. Embed an e-commerce form using your favorite e-commerce tool.
Make Your Pages Compatible With Facebook, Linkedin, & Google Ads
With SSL in Unbounce, you can present your pages with third-party applications such as Facebook, Linkedin, and Google Ads with the most efficiency.
Before You Switch: SSL Checklist
Before you switch, optimize your page for SSL by confirming that your pages don't include any content that isn't secure.
The easiest way to do this is to load up your page with HTTPS and then look at the various icons in the address bar.
Examples of unsecured content include:
- Lightboxes that pull content from sources that are not secure.
- Background images in any custom CSS hosted on an HTTP server:
for example, if your image URL is "http://example.com/backgroundimage.jpg
<link rel="icon" type="image/png" href="http://example.com/myicon.png">
<link href="http://example.com/styles.css" rel="stylesheet">
We strongly recommend testing out your page on HTTPS before switching. You can do this by replacing HTTP with HTTPS in the URL for the page your want to review, using the browser search.
If you have unsecured content, your page visitors will get a mixed content warning; not only will your page not work as intended, it may negatively affect conversion rates.
What to do if your page includes content that is not secure?
Replace all embedded and referenced URLs with https://
This is the best solution if you intend to ALWAYS use your landing page's secure version in your campaigns. This involves replacing all embedded and referenced URLs with https:// instead of “http://
You Can Always Go Back
Got a mixed content warning? Don’t panic. Simply return to the source of your traffic (e.g., Google Ads, email, or social) and switch your URL back to HTTP. Be sure to switch off the Force HTTPS setting in your Domains screen as well.
Rest assured, with the SSL release, Unbounce serves both HTTP and HTTPS landing pages on all subscription plans. It’s entirely up to you which version you want to use for your campaign.
For example, http://www.example.com and https://www.example.com, will both direct visitors to the same page.
Protocol-Less Workaround (if you're feeling super tech-savvy)
If (and only if!) your host provides an HTTP and HTTPS version of your page, one workaround is to change the path from a non-secure URL to a "protocol-less URL."
http://example.com/asset.ext would become //example.com/asset.ext
Frequently Asked Questions
Can I enable SSL on unbouncepages.com domains?
SSL only works with custom domains and is unavailable for landing pages using
unbouncepages.com. You can follow the steps to connecting your custom domain within our documentation: Connecting your Domain in Unbounce.
Is SSL available with my Unbounce Subscription?
SSL is available on all current plans and all legacy plans. However, If you’re currently on a Starter plan and would like SSL enabled for your custom domain, you may need to contact us with the domain name, and we can help assist!
Can I use my own SSL Proxy, such as Cloudflare?
Certain SSL proxies can be quite intense as they can also block your landing page content from loading within the browser, or disrupt the CNAME configuration for your custom domain. It’s best to remove any custom SSL proxies if possible.
As for Cloudflare, this works great as a domain provider! But when the Cloudfare proxy is enabled, it can block & disrupt Unbounce's CNAME record detection and prevent SSL enabling. Do remove the Cloudflare proxy if possible.