Secure Sockets Layer, or SSL, is a technology that secures the connection between your browser and the website you’re visiting. SSL protection allows visitors to navigate a website and submit information through a secure connection.
A SSL protected web page has two security indications on the browser address bar: A URL beginning with https://, instead of http://, and a closed padlock icon.
What's covered in this article:
How Do I Know If My Website Has an SSL Certificate?
When SSL is enabled on a website, the URL address starts with https://, and/or there will be an indicator that informs you that the connection is secure.
Google Chrome:
Safari:
How Do I Get an SSL Certificate?
SSL can typically be added to your website by your web developer or through your website hosting service. Certain website hosting services offer free SSL certificates, and some require a minimal yearly fee. We recommend contacting your developer or website hosting service provider to see what options are available to you.
Benefits of Protecting Your Site with SSL
Security
SSL secures your website. Specifically, it provides three key benefits:
- Privacy: SSL encrypts the connection between a visitor's browser and the website’s server to securely transmit information (like passwords or credit card information). This data transmission encryption prevents unauthorized parties from eavesdropping.
- Data integrity: SSL prevents unauthorized parties from altering data during transmission.
- Authentication: SSL protects consumers against impersonation by requiring the web server to prove its identity.
Improved SEO
SSL improves search performance. In 2014, Google announced that SSL-secured websites would enjoy a more substantial rankings boost in their search results. This also means unsecured websites could harm their search ranking and SEO stature.
Customer Trust
SSL increases customer trust. Security-conscious consumers look for security indications in the address bar before they enter personally identifiable information (PII) online.
Xola provides an embedded checkout to keep consumers on your website from activity discovery through booking. Although Xola’s checkout is 100% secure (PCI-compliant, 256-bit encryption, and Norton-compliant), certain browsers won’t display the “Secure” notification unless the hosting website is SSL-secured.
Adding SSL to your website will ensure that customers see the “Secure” notification and know their information is safe.
As stated above, some popular browsers display a “Not Secure” alert in the URL bar when a consumer visits an unsecured (HTTP) web page that collects password or credit card information. Certain browsers also display a security alert directly below the data input field.
Google announced that starting in October 2017, the Chrome browser will display a “Not Secure” alert to consumers visiting any unsecured (HTTP) web page that contains a text input field, such as a search bar. Google has also shared its plans to create a more secure internet by ultimately flagging every HTTP page as “Not Secure” upon page load.
About Secure Credit Card Bookings
Secure Payment Processing
With Xola, your customers’ purchases are always safe.
Whether or not your website is secure, the data transmitted through the Xola checkout window is always passed over a secure HTTPS connection. This protects and encrypts your customers' personal information and credit card information.
Xola is PCI compliant; all payment processors we integrate with are PCI level 1 compliant (the most secure level).
For additional security, credit card data is never stored on Xola servers. It is always stored directly with the end payment processor, so confidential data is doubly secure.
Xola Checkout Widget
While it is recommended that your website be hosted over a secure connection, it is not required.
When a consumer clicks a Book Now button, the Xola checkout app opens in a secure iframe within your website. All data transmitted to and from the iframe happens over a secure connection, and any booking placed from within the Xola checkout app is fully secured with our Symantec SSL certificate. Symantec is one of the most well-known and trusted names in Internet security. Symantec SSL certificates may also be referred to as "Verisign" or "Norton" SSL certificates.
Troubleshooting
I have SSL, but still don’t see the “Secure” notification in the address bar.
A: After adding SSL to your website, you’ll also need to make sure that you’re redirecting traffic to the new HTTPS pages and loading all site assets (such as images and links) over HTTPS.
This is because Google sees the same web page on HTTP and HTTPS as two different pages. So, you will need to add redirects to help consumers and search engine crawlers reach the new secure pages. Learn more about redirecting to HTTPS.
Why are my customers being told their booking isn’t secure?
A: As of January 2017, consumers inputting sensitive data, such as a password or credit card information, on an HTTP web page see the following warning alert in the address bar of Chrome, Firefox, and Opera browsers:
Image Source: Google Security Blog
This is because the browser is assessing the website's security and scanning the page URL for the HTTPS indication of SSL. Although your checkout is secured by Xola, if your website does not have an SSL certificate, consumers will see this message.
We recommend protecting your site with SSL to avoid this issue and make it more trustworthy. Learn how to add SSL to your site.
Most importantly, even if a consumer sees this alert, the booking and payment processes are and will always be 100% secure through Xola.
Is Xola SSL Certified?
A: Yes. Xola adheres to the highest levels of privacy and data security. Every bit of data collected and transferred between your customers, your website, and Xola’s servers is encrypted and protected. Xola’s checkout is PCI-compliant, Norton Secure, and uses 256-bit encryption. We also only integrate with PCI level 1 compliant payment processors (the most secure level).
When people book an activity using Xola, all the data collected (from email addresses to credit card information) is encrypted and transmitted over a secure connection. We use Symantec SSL certificates (Verisign / Norton) to encrypt the data transferred to and from Xola.com. Symantec is one of the most well-known and trusted names in internet security.
For additional security, credit card data is never stored on Xola servers. This information is only stored with the end payment processor so that sensitive information is twice as secure.
While the data collected and transmitted to and from Xola.com is always over a secure connection, the customer’s browser may still display a “Not Secure” alert if your website is not SSL-protected.