Securing Your Landing Page Domain with SSL

This feature is available for all Pro and 2017 plans.

Due to a technical issue beyond our control, we're experiencing a temporary delay in the automatic enablement of this feature for domains connected to an Unbounce account after 9:00AM PST on January 11th, 2018.


This means that for the moment, HTTPS pages on new connected domains are functioning as non-encrypted HTTP pages without an SSL certificate.


Your domain will be automatically updated with the SSL certificate as soon as we've resolved this issue. Feel free to subscribe to our Status Page for updates. 

Secure Domains and SSL

Nobody wants to have their info creeped on, especially your customers. Luckily, Secure Socket Layer (SSL) is a security technology that ensures all data passed between the web server and browser remains private and integral (i.e., SSL prevents lurkers from getting all up in your business).

When you upgrade to one of our paid plans, SSL is automatically enabled on your custom domains. You can verify whether your landing page domains are SSL-enabled by heading over to your Domain Settings page and looking for the lock icon on the left. The "http" version of your domain will still be available after SSL has been enabled on your custom domain.


A similar icon appears throughout the app wherever your domain is visible.


SSL and Customer Experience

SSL-secured domains let people viewing a landing page know that they are visiting a domain where the data is coming from a known source. When your visitors see a green padlock and an HTTPS web address in the URL field, it's their visual cue that the landing page has enhanced security.


In short, it lets them know that both product and page can be trusted. Way more appealing to click on!

Without SSL, customers may also see scary mixed content warnings when arriving at your landing page from another SSL protected site. Although non-SSL landing pages are by no means “unsafe”, the automated warning messages that pop up might cause your customers to raise an eyebrow.

Warning: Do not include external iframes/JavaScript that isn't SLL-enabled on your pages, as this will prompt "This Page Is Not Secure" browser messages to appear when customers visit your page. Also, do not include any non-SSL images as they will not show up on your landing page.

What You Can Do With SSL

Embed Third Party eCommerce Tools Directly onto your Unbounce Pages

With SSL, you can embed secure forms directly onto Unbounce pages. This is a great advantage for use cases like ecommerce. Embed an ecommerce form using your favourite ecommerce tool.

Make Your Pages Compatible With Facebook and Linkedin

With SSL in Unbounce, you can present your pages with third party applications such as Facebook and Linkedin Ads with the most efficiency. LinkedIn ads may let your page skip the moderation queue. Woo!

Global Sign (a WebTrust-certified certificate authority and provider of Identity Services) has a specific set of guidelines for securing URLs. In the unlikely case that your URL cannot be secured, you can contact Unbounce Customer Success by submitting a ticket and we'll contact Global Sign on your behalf.

Before You Switch: SSL Checklist

With the release of SSL, Unbounce now serves both “http” and “https” landing pages (unsecured and secured) on all paid account. It’s entirely up to you which version you want to use for your campaign.

For Example: and will both direct visitors to the same page.

Https: Before You Switch

To display your pages securely at “https”, all that is required is that you change the source URL to “https” from wherever you’re driving traffic (e.g. AdWords, email, or social).

Before you switch, optimize your page for SSL by confirming that your page doesn’t include any unsecured content.

The easiest way to do this is to load up your page with https and then look at the various icons in the address bar.

Examples of unsecured content include:

  • Lightboxes that pull content from unsecured sources

  • Background images in any custom CSS hosted on http
    (i.e.: ‘background:url(’

  • Favicons added to your page using custom JavaScript or Script Manager
    (i.e.: <link rel="icon" type="image/png" href="">)

  • CSS tags linking to non secure scripts
    (i.e.: <link href="" rel="stylesheet">)

  • iFrames embedded using a custom HTML widget sourcing a non secure URL
    (i.e.: <iframe src=””>)

  • Javascript tags referencing non secure scripts. These may be included as custom JavaScript in the page itself, or as scripts in the Script Manager
    (i.e. <script type=”text/javascript” src=””></script>)

We strongly recommend testing out your page on https before switching. You can do this by replacing http with https in the URL for the page your want to review.

NOTE: If you have unsecured content, your page visitors will get a mixed content warning, not only will your page not work as intended, it may negatively affect conversion rates.

If your page DOES include non-secure content:

Replace all embedded and referenced URLs with https://. This is the best solution if you intend to ALWAYS use the secure version of your landing page in your campaigns. This involves replacing all embedded and referenced URLs with https:// instead of “http://

Protocol-Less Workaround

If (and only if!) your host provides a http and https version of your page, one workaround is to change the path from a non-secure URL to a "protocol-less URL"

For Example: would become //

You Can Always Go Back

Got a mixed content warning? Don’t panic. Simply return to the source of your traffic (e.g. AdWords, email, or social) and switch your URL back to “http”.

Secure Site Seal

  1. Visit this link to get the Global Sign HTML code to embed on your page.
  2. Select your seal format:
  3. Once you’ve chosen the seal that you want to appear on your page, copy the HTML code provided.
  4. Head into the Page Builder and drop the HTML widget onto the page.
  5. Paste the code from Global sign onto your page and then delete the following lines of code:<!--- DO NOT EDIT - GlobalSign SSL Site Seal Code - DO NOT EDIT ---> and <!--- DO NOT EDIT - GlobalSign SSL Site Seal Code - DO NOT EDIT --->
  6. Publish the page and you will see the seal!

Things to know:

  • The trust seal will only appear if GlobalSign can confirm that your page has an HTTPS web address
  • If you do not remove the: <!--- DO NOT EDIT - GlobalSign SSL Site Seal Code - DO NOT EDIT ---> and <!--- DO NOT EDIT - GlobalSign SSL Site Seal Code - DO NOT EDIT --->  lines of code the HTML box in Unbounce will display an error, though the seal may still appear on your published page.


Was this article helpful?
8 out of 19 found this helpful
Powered by Zendesk