Secure Sockets Layer, or SSL, is a technology that secures the connection between your browser and the website you’re visiting. SSL protection allows visitors to navigate a website and submit information through a secure connection.
A SSL protected web page has two security indications on the browser address bar: A URL beginning with https://, instead of http://, and a closed padlock icon.
What's covered in this article:
How Do I Know If My Website Has an SSL Certificate?
When a SSL is enabled on a website, the URL address starts with https://, and/or there will be an indicator that informs you that the connection is secure.
Google Chrome:
Safari:
How Do I Get an SSL Certificate?
SSL can typically be added to your website by your web developer or through your website hosting service. Certain website hosting services offer free SSL certificates, and some require a minimal yearly fee. We recommend contacting your developer or website hosting service provider to see what options are available to you.
Benefits of Protecting Your Site with SSL
Security
SSL secures your website. Specifically, it provides three key benefits:
- Privacy: SSL encrypts the connection between a visitor's browser and the website’s server to securely transmits information (like passwords, or credit card information). This data transmission encryption prevents unauthorized parties from eavesdropping.
- Data integrity: SSL prevents unauthorized parties from altering data during transmission.
- Authentication: SSL protects consumers against impersonation by requiring web server proof of identity.
Improved SEO
SSL improves search performance. In 2014 Google announced that SSL-secured websites would enjoy a stronger rankings boost in their search results. This also means that unsecured websites could be potentially harming their search ranking and SEO stature.
Customer Trust
SSL increases customer trust. Security-conscious consumers look for the security indications in the address bar before they enter personally identifiable information (PII) online.
Xola provides an embedded checkout aimed at keeping consumers on your website from activity discovery through booking. Although Xola’s checkout is 100% secure (PCI-compliant, 256-bit encryption, and Norton-compliant), certain browsers won’t display the “Secure” notification unless the hosting website is SSL-secured.
Adding SSL to your website will ensure that customers see the “Secure” notification, and know that their information is safe.
As stated above, some popular browsers display a “Not Secure” alert in the URL bar when a consumer visits an unsecured (HTTP) web page that collects password, or credit card information. Certain browsers also display a security alert directly below the data input field.
Google announced that starting on October 2017 the Chrome browser will display a “Not Secure” alert to consumers visiting any unsecured (HTTP) web page that contains a text input field, such as a search bar. The internet giant has also shared its plans to create a more secure internet by ultimately flagging every HTTP page as “Not Secure” upon page load.
About Secure Credit Card Bookings
Secure Payment Processing
With Xola, your customers’ purchases are always safe.
Whether or not your own website is secure, the data transmitted through the Xola checkout window is always passed over a secure HTTPS connection. This protects and encrypts your customer's personal information and all credit card information.
Xola is PCI compliant and all payment processors we integrate with are PCI level 1 compliant (the most secure level).
For additional security, credit card data is never stored on Xola servers. They are always stored directly with the end payment processor so that confidential data is doubly secure.
Xola Checkout Widget
While it is recommended that your website be hosted over a secure connection, it is not required.
When a consumer clicks a Book Now button, the Xola checkout app opens in a secure iFrame within your own website. All data transmitted to and from the iFrame happens over a secure connection and any booking placed from within the Xola checkout app is fully secured with our Symantec SSL certificate. Symantec is one of the most well-known and trusted names in Internet security. Symantec SSL certificates may also be referred to as "Verisign" or "Norton" SSL certificates.
Troubleshooting
I have SSL but still don’t see the “Secure” notification in the address bar
A: After adding SSL to your website, you’ll also need to make sure that you’re redirecting traffic to the new HTTPS pages, and loading all site assets (such as images and links) over HTTPS as well.
This is because Google sees the same web page on HTTP and HTTPS as two different pages. So, you will need to add redirects to help consumers and search engine crawlers reach the new secure pages. Learn more about redirecting to HTTPS.
Why are my customers being told their booking isn’t secure?
As of January 2017, consumers inputting sensitive data, such as a password or credit card information, on a HTTP web page see the following warning alert in the address bar of Chrome, Firefox, and Opera browser:
Image Source: Google Security Blog
This is because the browser is looking at the security of the website and scanning the page URL for the HTTPS indication of SSL. Although your checkout is secured by Xola, if your website does not have an SSL certificate consumers will see this message.
To avoid this issue - and to make your site more trustworthy- we recommend protecting it with SSL. Learn how to add SSL to your site.
Most importantly, even if a consumer sees this alert, the booking and payment processes are and will always be 100% secure through Xola.
Is Xola SSL Certified?
Yes. Xola adheres to the highest levels of privacy and data security. Every bit of data collected and transferred between your customers, your website, and Xola’s servers is encrypted and protected. Xola’s checkout is PCI-compliant, Norton Secure, and uses 256-bit encryption. We also only integrate with PCI level 1 compliant payment processors (the most secure level).
When people book an activity using Xola, all the data collected (from email addresses to credit card information) is encrypted and transmitted over a secure connection. We use Symantec SSL certificates (Verisign / Norton) to encrypt the data transferred to and from Xola.com. Symantec is one of the most well-known and trusted names in internet security.
For additional security, credit card data is never stored on Xola servers. This information is only stored with the end payment processor so that sensitive information is twice as secure.
While the data collected and transmitted to and from Xola.com is always over a secure connection, the customer’s browser may still display a “Not Secure” alert if your website is not SSL-protected.