How to defer loading of a Norton Secure Site Seal?

Question

I am displaying a Norton Secure Site Seal in a website and I would like to improve the page speed deferring the loading of the seal script. All the tries I've done failed and I found only this page where this is mentioned (link). Has anyone ever found a good workaround for this?
The deferred code I'm using to run my other scripts looks like this:

<script type="text/javascript">(function(d, s) {
    var js, fjs = d.getElementsByTagName(s)[0], load = function(url, id) {
        if (d.getElementById(id)) {
            return;
        }
        js = d.createElement(s);
        js.src = url;
        js.id = id;
        fjs.parentNode.insertBefore(js, fjs);
    };
    load('/js/scriptone.js', 'one');
    load('/js/scripttwo.js', 'two');
    }(document, 'script'));
</script>

In case you want to have a look to the site seal initialization script: (I'm using the flash animated seal)

<script type="text/javascript" src="https://trustseal.verisign.com/getseal?host_name=www.undisclosed.com&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>

obviously this will only display correctly in my website and I opted to change the domain name for privacy. I really want to avoid using iframe and if you find relevant I am also loading jQuery

Just wondering, what is the point of displaying that sort of seal? — Bruno, Feb 14 '13 at 12:27
@FullDecent conversion to what? These seals can easily be forged and don't prove anything. — Bruno, Apr 16 '13 at 14:00
Conversion of people browsing the site to money in the bank. Forging is an option and also increases conversion. Forging can bring an unlikely risk to the business. — William Entriken, Apr 16 '13 at 18:17

William Entriken · Answer 1 · 2013-04-16T14:29:35.987

7

This is killing my business too. Seriously... +2 to +20 seconds per page load. AFYS?

We are switching to hosting the image locally but still linking to the original URL on Norton. Don't do this. Mark this answer down. It's wrong. It's illegal. But it's practical.

https://trustsealinfo.verisign.com/splash?form_file=fdf/splash.fdf&dn=WWW.EXAMPLE.COM&lang=en

UPDATE:

Real solution is to:

Call 877-438-8776, x2, x1
Tell them seal is slow and you have > 10,000 visits per day on your site
They give you media kit to install on your own site

edited Apr 16 '13 at 14:29

answered Apr 16 '13 at 14:12

William Entriken

37,208
23
149
195

If this is killing your business, why bother showing the seal at all? The fact that you can host the media kit yourself on your site is a good indication that it's worthless. It seems that by adding this seal, you're merely advertising the CA for free. – Bruno Apr 16 '13 at 15:07
1

It kills business more to not have the seal. I live by Google Analytics experiments. – William Entriken Apr 16 '13 at 18:16
Fair enough. It's a pity that some people (presumably CAs) seem to have managed to deceive some users into thinking this seal was somehow improving their security. – Bruno Apr 16 '13 at 19:51
It does prove more than showing the certificate because if you click the link you can see the results of security scans through https from norton, but you're right just the image of the badge proves nothing – o.uinn Feb 26 '15 at 13:04

score 4 · Answer 2 · answered Feb 14 '13 at 10:52

4

If you look at the code, they are using document.write.

The way I handle this is the following

document.write = function(s) {
    document.getElementById('seal-wrapper').innerHTML += s;
}

Of course this is a very simple hack which only works when there's a single script which uses document.write and you know where you want it to be written to.

answered Feb 14 '13 at 10:52

Prinzhorn

22,120
7
61
65

nice tip. will let you know if it worked and if I'll be happy to change "document.write" – w3jimmy Feb 14 '13 at 11:37

score 1 · Answer 3 · answered Dec 10 '14 at 14:05

I've tried to load seal into a iframe and then put it to where it's intended to be. It works for me. With the help of jQuery. Here it is:

Create .js file (I called it hackseal.js)

$(function () {
    if (typeof(vs_hack) !== 'undefined') {
        return;
    }
    vs_hack = true;
    var iframe = document.createElement('iframe');
    var html = '<script src="url_to_verysign" type="text/javascript"></script>';
    iframe.style.display = 'none';
    document.body.appendChild(iframe);
    iframe.contentWindow.document.open();
    iframe.contentWindow.document.write(html);
    iframe.contentWindow.document.close();
    iframe.onload = function () {
        var copy = ['dn', 'lang', 'tpt', 'vrsn_style', 'splash_url', 'seal_url', 'u1', 'u2', 'sopener', 'vrsn_splash', 'ver', 'v_ua', 're', 'v_old_ie', 'v_mact', 'v_mDown', 'v_resized'];
        for (var copy_i in copy) {
            window[copy[copy_i]] = iframe.contentWindow[copy[copy_i]];
        }
        $('script#seal-sign').replaceWith(iframe.contentWindow.document.body.innerHTML);
    }
});

Change the original code from this

<script type="text/javascript" src="url_to_verysign"></script>

to this

<script id="seal-sign" type="text/javascript" src="url_to_hackseal.js"></script>

How to defer loading of a Norton Secure Site Seal?

3 Answers3

Linked