{"id":7146,"date":"2024-04-14T17:04:56","date_gmt":"2024-04-14T09:04:56","guid":{"rendered":"https:\/\/webflow.tenten.co\/?p=7146"},"modified":"2024-04-14T17:04:56","modified_gmt":"2024-04-14T09:04:56","slug":"resolve-website-security-concerns","status":"publish","type":"post","link":"https:\/\/webflow.tenten.co\/en\/resolve-website-security-concerns\/","title":{"rendered":"Resolve website security concerns"},"content":{"rendered":"\n<div class=\"docs_rich-text w-richtext\">\n<p id=\"\">Websites are typically served on either HTTP or HTTPS. The term HTTPS, also referred to as &#8220;HTTP over TLS&#8221; or \u201cHTTP over SSL,\u201d is widely acknowledged as the secure protocol.<\/p>\n<p id=\"\">Most browsers indicate if a website is secure (loaded over HTTPS) by displaying a \u201clock\u201d icon next to the website&#8217;s address in the URL bar. Some browsers also notify users if a site is not secure. Instances where web pages do not utilize a private connection may trigger &#8220;Not secure&#8221; errors, indicating potential security risks for sensitive information like passwords and credit card details.<\/p>\n<figure id=\"\" class=\"w-richtext-figure-type-image w-richtext-align-fullwidth\" data-rt-type=\"image\" data-rt-align=\"fullwidth\" data-rt-max-width=\"1501px\">\n<div id=\"\"><img decoding=\"async\" src=\"https:\/\/webflow.tenten.co\/wp-content\/uploads\/2024\/04\/64b94920bdd37d12dce6246e_62fc0111395b5906f0bb63e0_ubxgmpeusmkiiekswairjgr_iywam79-_o3uyg30onoyv2igopflo3v2uokkenpdfgirauoudfv2yj077l0tzg7idwcge-5ldqujtqidorshydb6ybeiedxluhebko1_rn8rwmzttupsmuqdiuy9yp.png\" id=\"\" width=\"auto\" height=\"auto\" loading=\"auto\" alt=\"Examples of the URL bar icons: A \u201clock\u201d icon for \u201cSecure\u201d, an \u201cinfo\u201d icon for \u201cInfo or Not secure,\u201d and an \u201cexclamation mark in a triangle\u201d icon for \u201cNot secure or Dangerous\u201d\" title=\"64b94920bdd37d12dce6246e_62fc0111395b5906f0bb63e0_ubxgmpeusmkiiekswairjgr_iywam79-_o3uyg30onoyv2igopflo3v2uokkenpdfgirauoudfv2yj077l0tzg7idwcge-5ldqujtqidorshydb6ybeiedxluhebko1_rn8rwmzttupsmuqdiuy9yp\"><\/div>\n<\/figure>\n<p id=\"\">To gain more insights into your site&#8217;s security, simply click on the icon\/label positioned next to your site&#8217;s URL in the address bar.<\/p>\n<figure id=\"\" class=\"w-richtext-figure-type-image w-richtext-align-fullwidth\" data-rt-type=\"image\" data-rt-align=\"fullwidth\" data-rt-max-width=\"1501px\">\n<div id=\"\"><img decoding=\"async\" src=\"https:\/\/webflow.tenten.co\/wp-content\/uploads\/2024\/04\/64b94920bdd37d12dce6246a_62fc011191800cbe816f5410_88kxkltrqj_s14uoolxa0lclmy06uyltlq23v-lpjixj_hwt91w0ufuneh7hvr0jce_egqv74-ibbikw3iepf14_zw1rqddxztvt3b5zanloge-m6yh5io3qkuo2v3b6popo1l64pprufjkhrry-qb\"><\/div>\n<\/figure>\n<p id=\"\">Due to various security and privacy considerations, your browser might encounter challenges while loading your site. In such instances, you may encounter an error page titled \u201cYour connection is not private\u201d or \u201cThis connection is untrusted.\u201d To test how your browser handles SSL errors, visit <a href=\"https:\/\/expired.badssl.com\" target=\"_blank\" id=\"\" rel=\"noopener\">expired.badssl.com<\/a>.<\/p>\n<figure id=\"\" class=\"w-richtext-figure-type-image w-richtext-align-fullwidth\" data-rt-type=\"image\" data-rt-align=\"fullwidth\" data-rt-max-width=\"1501px\">\n<div id=\"\"><img decoding=\"async\" src=\"https:\/\/webflow.tenten.co\/wp-content\/uploads\/2024\/04\/64b94920bdd37d12dce6247a_62fc011025659e47e4ead031_l7z9nl9wjgr-4le6yaz6yx1fqmp9jhfsxna0psag3tizr568vzfp-9duwipqfskf7-908fatzqmqhimotm2s0uesq9zu_fwp07-nqv6dp9yqyvudmtlxlouthlt_zwlytz5ru5ssoi87elkglfsse3\"><\/div>\n<\/figure>\n<figure id=\"\" class=\"w-richtext-figure-type-image w-richtext-align-fullwidth\" data-rt-type=\"image\" data-rt-align=\"fullwidth\" data-rt-max-width=\"1501px\">\n<div id=\"\"><img decoding=\"async\" src=\"https:\/\/webflow.tenten.co\/wp-content\/uploads\/2024\/04\/64b94920bdd37d12dce62477_62fc011146646925037d6e38_adl5xfe6b8tam2vojnwky8dthkizlv6mnmya_nbcexu7ox6ll3_csfz5rtzhph0sgq2zozqt0h2f3fgxivl0wc2nlvlh0tfjzykencgxvjv7-f1skrmmalcrjcxahbqkjlyguhr2ysr66ji01w83ab\"><\/div>\n<\/figure>\n<h2 id=\"\">Useful references<\/h2>\n<ul id=\"\">\n<li id=\"\"><a href=\"https:\/\/support.google.com\/chrome\/answer\/95617?hl=en\" target=\"_blank\" id=\"\" rel=\"noopener\">Chrome: Verify a site\u2019s secure connection status<\/a><\/li>\n<li id=\"\"><a href=\"https:\/\/support.mozilla.org\/en-US\/kb\/how-do-i-tell-if-my-connection-is-secure\" target=\"_blank\" id=\"\" rel=\"noopener\">Firefox: Methods to determine your connection&#8217;s security status with a website<\/a><\/li>\n<li id=\"\"><a href=\"https:\/\/support.apple.com\/en-lb\/guide\/safari\/avoid-fraud-by-using-encrypted-websites-sfri40697\/mac\" target=\"_blank\" id=\"\" rel=\"noopener\">Safari: Check if a website is encrypted to prevent fraud<\/a><\/li>\n<\/ul>\n<h2 id=\"\">Steps to safeguard your Webflow site<\/h2>\n<p id=\"\">Ensuring the security of your site across all browsers used by visitors is essential. With Webflow SSL hosting, this aspect is taken care of! Also, note that Google provides a slight boost in search rankings to websites served over HTTPS.<\/p>\n<h3 id=\"\">How to activate SSL<\/h3>\n<p id=\"\">Starting from 14 November 2018, SSL is automatically activated for all new sites hosted on Webflow. In case you disabled SSL and wish to re-enable it, follow these steps under <strong id=\"\">Site settings<\/strong>.<\/p>\n<p id=\"\">To enable SSL hosting for a site:<\/p>\n<ol id=\"\">\n<li id=\"\">Navigate to <strong id=\"\">Site settings<\/strong> &gt; <strong id=\"\">Publishing<\/strong> tab &gt; <strong id=\"\">Advanced publishing options<\/strong><\/li>\n<li id=\"\">Switch on <strong id=\"\">Enable SSL <\/strong>from the options<\/li>\n<\/ol>\n<blockquote id=\"\"><p><strong id=\"\">Note:<\/strong> Whenever you toggle SSL on or off for a site hosted on Webflow, remember to update your DNS records to ensure smooth site functionality.<\/p><\/blockquote>\n<p id=\"\">After activating SSL hosting for your site, try accessing it in any browser. It should load with an <strong id=\"\">https:\/\/<\/strong> prefix or without any security alerts. You may also notice a \u201clock\u201d icon in the URL bar, implying that your site is secure. Clicking on the \u201clock\u201d icon will provide further details on the site\u2019s security.<\/p>\n<figure id=\"\" class=\"w-richtext-figure-type-image w-richtext-align-fullwidth\" data-rt-type=\"image\" data-rt-align=\"fullwidth\" data-rt-max-width=\"1501px\">\n<div id=\"\"><img decoding=\"async\" src=\"https:\/\/webflow.tenten.co\/wp-content\/uploads\/2024\/04\/64b94920bdd37d12dce62482_62fc011167c5509c588a07e5_hazlegvotfxwsj1ln06aryqyvozuvsacpe8nxmmrmc2jxnomtex-ol945vqn1u2lkgxjfvgxn04faqmo_eobwtr8rdfrpe0sbsfmevhiigak8y7ku_g2tkjhrdqfrofvffmo4yvq75ckbv4yavv1o6\"><\/div>\n<\/figure>\n<figure id=\"\" class=\"w-richtext-figure-type-image w-richtext-align-fullwidth\" data-rt-type=\"image\" data-rt-align=\"fullwidth\" data-rt-max-width=\"1501px\">\n<div id=\"\"><imgr src=\"https:\/\/webflow.tenten.co\/wp-content\/uploads\/2024\/04\/64b94920bdd37d12dce62474_62fc0111d2240912f2b99fda_y18fhpteeowqjzzfafp3sx806zyl7dfd-gczkqqaujbfydhl5imfkmyzthj2ybd9b_oszc50sjcm2_nnlfedo-xl2am6sia9wlqpd-tcaqdgvy-srq7gpgvthle-zypvzfy-nw4lysnz2cqunnpb2s.png\" id=\"\" width=\"auto\" height=\"auto\" loading=\"auto\" alt=\"The pop-up that pops up after tapping \u201cConnection is protected.\u201d It indicates that passcodes and payment card numbers are confidential when relayed to the site, and informs that the certificate is valid.\" title=\"64b94920bdd37d12dce62474_62fc0111d2240912f2b99fda_y18fhpteeowqjzzfafp3sx806zyl7dfd-gczkqqaujbfydhl5imfkmyzthj2ybd9b_oszc50sjcm2_nnlfedo-xl2am6sia9wlqpd-tcaqdgvy-srq7gpgvthle-zypvzfy-nw4lysnz2cqunnpb2s\"><\/div>\n<\/figure>\n<blockquote id=\"\"><p><strong id=\"\">Essential:<\/strong> Following the activation of SSL, Webflow autonomously configures a 301 redirect for your domain\u2019s <strong id=\"\">http:\/\/<\/strong> URL. This action will direct anyone accessing the former link to the new <strong id=\"\">https:\/\/<\/strong> version.\u00a0<\/p><\/blockquote>\n<h6 id=\"\"><strong id=\"\">Tip:<\/strong> Webflow SSL hosting certificates automatically undergo renewal once the existing one expires, given that the DNS records consistently point to Webflow and the site operates on Webflow SSL hosting servers. Renewal of certificates is not scheduled in advance, therefore, your monitoring tool might issue alerts when the certificate isn&#8217;t pre-installed. It&#8217;s important to note that Webflow does not automatically renew <em id=\"\">custom<\/em> SSL certificates. It is imperative that you manually update your personalized SSL certificate before expiration.<\/h6>\n<h2 id=\"\">The procedure to inform Google about your site relocation<\/h2>\n<p id=\"\">Now that you have reinstated SSL and released your site on your new HTTPS URL, it&#8217;s necessary for Google to be notified that <a href=\"https:\/\/support.google.com\/webmasters\/answer\/6033049\" target=\"_blank\" id=\"\" rel=\"noopener\">your site has been relocated<\/a>:<\/p>\n<ol id=\"\">\n<li id=\"\"><a href=\"https:\/\/support.google.com\/webmasters\/answer\/34592?hl=en\" target=\"_blank\" id=\"\" rel=\"noopener\">Include the HTTPS property<\/a> in your <a href=\"https:\/\/www.google.com\/webmasters\/tools\/home?hl=en\" target=\"_blank\" id=\"\" rel=\"noopener\">Search Console<\/a><\/li>\n<li id=\"\">Resubmit your sitemap to Google<\/li>\n<li id=\"\"><a href=\"https:\/\/support.google.com\/analytics\/answer\/3467852?hl=en&amp;ref_topic=1009620\" target=\"_blank\" id=\"\" rel=\"noopener\">Update your website&#8217;s protocol in Google Analytics<\/a> from HTTP to HTTPS<\/li>\n<\/ol>\n<h6 id=\"\"><strong id=\"\">Note:<\/strong> Google Console treats HTTP and HTTPS as distinct sites. Both the HTTP and HTTPS websites can be monitored in <a href=\"https:\/\/www.google.com\/webmasters\/tools\/home?hl=en\" target=\"_blank\" id=\"\" rel=\"noopener\">Google Search Console<\/a>. To direct site visitors towards your HTTPS URL, you can <a href=\"https:\/\/developers.google.com\/search\/docs\/advanced\/crawling\/consolidate-duplicate-urls#define-canonical\" target=\"_blank\" id=\"\" rel=\"noopener\">establish this URL as canonical<\/a>, although Google may opt for a different canonical URL. <a href=\"https:\/\/developers.google.com\/search\/docs\/advanced\/crawling\/consolidate-duplicate-urls#how-google-indexes-and-chooses-the-canonical-url\" target=\"_blank\" id=\"\" rel=\"noopener\">Learn more about Google&#8217;s canonical URL selection process<\/a>.<\/h6>\n<h2 id=\"\">Steps to solve security complications<\/h2>\n<p id=\"\">If the secure \u201clock\u201d icon is replaced with an error or warning in the URL bar, you can troubleshoot using the following steps.<\/p>\n<h3 id=\"\">Malfunctioning of your site post SSL activation<\/h3>\n<p id=\"\">SSL certificates are usually generated instantly upon SSL activation and site publication. However, in some cases, it may take longer (approximately one to two hours). To validate the integrity of your SSL setup, undertake the following steps:<\/p>\n<ul id=\"\">\n<li id=\"\">Confirm the SSL activation in <strong id=\"\">Site settings<\/strong> &gt;\u00a0 <strong id=\"\">Publishing<\/strong> tab &gt; <strong id=\"\">Advanced publishing options<\/strong><\/li>\n<li id=\"\">Validate that your DNS settings correctly lead your domain to Webflow\u2019s secure servers<\/li>\n<li id=\"\">Re-publish your site<\/li>\n<li id=\"\">Clear your browser&#8217;s cache<\/li>\n<li id=\"\">Evaluate your site in incognito mode<\/li>\n<\/ul>\n<p id=\"\">If issues persist after adhering to these steps, kindly reach out to support.<\/p>\n<h3 id=\"\">Encountering a \u201cToo many redirects\u201d or \u201cRedirect Loop\u201d error<\/h3>\n<p id=\"\">Upon SSL activation, your domain redirects to https:\/\/www.yourdomain.com in the absence of a CNAME record linked with the root domain (the one without www) in your DNS settings. Therefore, selecting the www version of your domain as the primary domain is recommended.\u00a0<\/p>\n<p id=\"\">If the root domain is chosen as the primary domain, attempts to redirect to the root domain are thwarted by the SSL setting redirecting it to the www version, leading to the visible error code: ERR_TOO_MANY_REDIRECTS. Further insights on the \u201ctoo many redirects\u201d error can be accessed. <\/p>\n<p id=\"\">To rectify this issue, designate the www version of your domain as the primary domain. Subsequently, re-publish your site and clear your browser&#8217;s cache before revisiting your site<\/p>\n<h3 id=\"\">Certain content on your site fails to load<\/h3>\n<p id=\"\">At times, the Chrome URL bar displays the \u201cinformation\u201d symbol instead of the secure \u201clock\u201d icon. Clicking on this symbol provides an explanation about the anomaly. Typically, it informs, \u201cYour connection to this site is not fully secure.\u201d This dilemma arises due to the presence of <a href=\"https:\/\/developers.google.com\/web\/fundamentals\/security\/prevent-mixed-content\/what-is-mixed-content\" target=\"_blank\" id=\"\" rel=\"noopener\">mixed content<\/a> on a site or web page.<\/p>\n<figure id=\"\" class=\"w-richtext-figure-type-image w-richtext-align-fullwidth\" data-rt-type=\"image\" data-rt-align=\"fullwidth\" data-rt-max-width=\"1501px\">\n<div id=\"\"><img decoding=\"async\" src=\"https:\/\/webflow.tenten.co\/wp-content\/uploads\/2024\/04\/64b94920bdd37d12dce6247e_62fc0111624cd7d55290ab0a_fud4f6utuifiy2fduhskhrzgw_1myw9c9tnyyp_c4ffstvkzcrll7w4lsh3mt4r7frjasyuxjfpxvaur39tb8ipxx3hmiy3yb9qmsemhkplf6zjls2x_wc1ucjp13c5qtb0t09htxfve-enpuc1n1o.png\" id=\"\" width=\"auto\" height=\"auto\" loading=\"auto\" alt='The \"info\" icon for the \"Info or Not Secure\" error.' title=\"64b94920bdd37d12dce6247e_62fc0111624cd7d55290ab0a_fud4f6utuifiy2fduhskhrzgw_1myw9c9tnyyp_c4ffstvkzcrll7w4lsh3mt4r7frjasyuxjfpxvaur39tb8ipxx3hmiy3yb9qmsemhkplf6zjls2x_wc1ucjp13c5qtb0t09htxfve-enpuc1n1o\"><\/div>\n<\/figure>\n<p id=\"\">In instances of mixed content, the site&#8217;s code comprises HTTP URLs. These URLs may exist in links, custom code, or any other link field on the site. The presence of such mixed content triggers the \u201cnot secure\u201d label for these URLs. Certain browsers may decline to load content served over HTTP.<\/p>\n<h4 id=\"\">Identifying the HTTP links<\/h4>\n<p id=\"\">Determine the location and nature of mixed content by accessing your browser&#8217;s console. To open it, press <strong id=\"\">Command<\/strong> + <strong id=\"\">Option<\/strong> + <strong id=\"\">J<\/strong> (on Mac) or <strong id=\"\">Control<\/strong> + <strong id=\"\">Shift<\/strong> + <strong id=\"\">J<\/strong> (on Windows). The console will outline the HTTP URL along with its context, possibly highlighting its presence in a form or elsewhere.<\/p>\n<p id=\"\">Subsequently, on identifying the HTTP URLs, replace them with their HTTPS counterparts, where available. Most URLs will have equivalent HTTPS versions; however, certain code or images might lack hosting on secure sites. In such cases, the content should be sourced from or hosted on secure external platforms.<\/p>\n<h6 id=\"\"><strong id=\"\">Tip:<\/strong> Unsecured code on your site can leave sensitive customer data vulnerable! It is crucial to ensure that your custom code doesn\u2019t introduce security loopholes.<\/h6>\n<h4 id=\"\">Optimal Method: Universal adoption of HTTPS<\/h4>\n<p id=\"\">Ensure URLs beginning with <strong id=\"\">https:\/\/<\/strong> are incorporated when incorporating URL links across the following areas:<\/p>\n<ul id=\"\">\n<li id=\"\">Link configurations for link elements and inline-links within text elements<\/li>\n<li id=\"\">Inline-links in rich text elements and rich text fields<\/li>\n<li id=\"\">Social media icons<\/li>\n<li id=\"\">Video elements and video fields<\/li>\n<li id=\"\">Video and media linkages within rich texts<\/li>\n<li id=\"\">CMS link fields<\/li>\n<li id=\"\">Page&#8217;s Open Graph settings<\/li>\n<li id=\"\">Page&#8217;s Site search image<\/li>\n<li id=\"\">Site-specific custom code and page custom code<\/li>\n<li id=\"\">Embedded On-page custom code elements<\/li>\n<li id=\"\">External form action URLs<\/li>\n<li id=\"\">Sitemap link in your robots.txt<\/li>\n<\/ul>\n<blockquote id=\"\"><p><strong id=\"\">Key Information:<\/strong> Webflow hosts all assets on a secure platform. Formerly, users could insert images directly into rich text elements and fields. If such content is present, be certain to upload the images via the rich text editor. This ensures that the images are hosted with a secure provider.<\/p><\/blockquote>\n<h3 id=\"\">Realization of loading issues with your site displaying &#8220;Connection not secure&#8221;<\/h3>\n<p id=\"\">In an instance where your site fails to load and the browser displays the message \u201cConnection is not private\u201d or \u201cThis Connection is Untrustworthy\u201d:<\/p>\n<ul id=\"\">\n<li id=\"\">Validate that SSL is operational and the DNS records are accurate<\/li>\n<li id=\"\">Re-publish your site<\/li>\n<li id=\"\">Conduct a test in incognito mode<\/li>\n<li id=\"\">In case of successful loading in incognito mode, clear the browser&#8217;s cache<\/li>\n<li id=\"\">If issues persist, follow <a href=\"https:\/\/support.google.com\/chrome\/answer\/99020?co=GENIE.Platform%3DDesktop&amp;hl=en\" target=\"_blank\" id=\"\" rel=\"noopener\">Google&#8217;s guide provided here<\/a><\/li>\n<\/ul>\n<p id=\"\">For further assistance, please reach out to Webflow support.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"Troubleshoot security issues on your Webflow website.","protected":false},"author":2,"featured_media":5261,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"om_disable_all_campaigns":false,"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"csco_display_header_overlay":false,"csco_singular_sidebar":"","csco_page_header_type":"","footnotes":""},"categories":[295],"tags":[],"class_list":{"0":"post-7146","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-hosting-code-export","8":"cs-entry"},"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/posts\/7146","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/comments?post=7146"}],"version-history":[{"count":0,"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/posts\/7146\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/media\/5196"}],"wp:attachment":[{"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/media?parent=7146"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/categories?post=7146"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/webflow.tenten.co\/en\/wp-json\/wp\/v2\/tags?post=7146"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}