4

I am using an iFrame which is hosted on another domain that has an SSL certificate. On the page where the iFrame is used I get 'Not Secure' message next to the domain in Google Chrome and the following warning in the console log:

This page includes a password or credit card input in a non-secure context. A warning has been added to the URL bar. For more information.

Note: The iFrame loads an online booking portal which includes both login details and credit card information.

In order to prevent this message from showing, would I need to purchase an SSL certificate?

I'm asking because I don't want to order one if it doesn't resolve the issue, there is a way around this without having to get a SSL certificate or if it's just not worth getting one for this situation.

Your thoughts would be highly appreciated.

Thanks in advance.

sideshowbarker
  • 81,827
  • 26
  • 193
  • 197
nsilva
  • 5,184
  • 16
  • 66
  • 108

1 Answers1

1

To help users browse the web safely, Chrome indicates connection security with an icon in the address bar. Historically, Chrome has not explicitly labelled HTTP connections as non-secure. Beginning in January 2017 (Chrome 56), we’ll mark HTTP pages that collect passwords or credit cards as non-secure, as part of a long-term plan to mark all HTTP sites as non-secure.

It applies to all sites that are not https.

Do check for any website which have login information and doesn't have https, you can view the username and password in the chrome developer window.

security page documentation

Eldho
  • 7,795
  • 5
  • 40
  • 77