Collapse Menu
FastSpring App
Developer Tools
Contact Support

Popup Storefronts and Browser Security Features


This article discusses the importance of maintaining a security certificate for any webpage where your customers can open a Popup Storefront.

If your website does not use a secure (https) protocol, most web browsers today do not display a lock icon. When using a Popup Storefront, customers can only see your page's address in the browser's address bar. The lack of the https: protocol or a lock icon may cause some customers to abandon the purchase process without entering any payment information. Many customers have learned not to enter sensitive information online if their web browsers do not display a lock icon indicating a secure connection.

Here are examples of the lock icons used on Windows by Google Chrome and Mozilla Firefox, respectively:

Technically, information entered on a Popup Storefront is secure. When the Popup Storefront opens, customers are actually typing their information into a page on FastSpring's server, which uses the secure protocol (https). The Popup Storefront opens in an iframe on your website. But if the containing page does not use https, the customers' browsers do not display the lock icon. The browsers do not evaluate only the protocol used for the iframe, but the entire page.

In addition, current versions of Google Chrome may display a message that may cause concern for customers. For example, customers may see "Automatic credit card filling disabled because the form does not use a secure connection."

If you experience significant customer complaints or cart abandonment due to these issues, two options are available:

  • Purchase a security certificate for your website from a trusted certifying authority, and switch to the https: protocol.
  • Consider switching to a Web Storefront, which is hosted entirely on FastSpring's servers and uses the https: protocol.