Rich-text Reply

Insecure <form> call - Optimizely Snippet

Rich 06-11-15

Insecure <form> call - Optimizely Snippet

Hi All,

 

I have an issue with using Optimizely on a clients websites who need to be PCI Security Compliant. Using the website whynopadlock.com we can see if web pages are secure enough and therefore compliant. Everything is fine apart from the Optimizely snippet. Can anyone shed any light as to why and/or a possible solution to this (SSL noob right here :/).

 

Issue (Screen shot attached):

Insecure <form> call.
Found on line # 19 in file: cdn.optimizely.com/js/2204490355.js

 

Many thanks,

 

Rich

ScreenShot1565.jpg
Level 2

Re: Insecure <form> call - Optimizely Snippet

Hi Rich,

Do you have a form that submits to an insecure site in one of your experiments? It looks like this <form> call was added in your variation code. The 'pure' Optimizely snippet does not do this <form> call.

Does that make sense? Please let me know if you have any followup questions!

Best,
Amy

Amy Herbertson
Customer Success
Rich 06-15-15
 

Re: Insecure <form> call - Optimizely Snippet

Hi Amy,

Thanks for the reply! I was not testing the website URL on whynopadlock.com but the actual snippet:

The URL tested was: https://cdn.optimizely.com/js/2204490355.js

So there is no submissions to anything.

Any ideas?

Many thanks,

Rich
Level 2
JDahlinANF 06-17-15
 

Re: Insecure <form> call - Optimizely Snippet

One of your variations (inside "PMC Category Page", variation 2699250242) contains a form.  Perhaps that is the cause.

The form itself is structure just fine - it uses the SSL of the current page:

/product_detail.jsp?add=n

It looks like you have 3 form posts in your variation code - you could try removing these variation and re-examining the snippet.  If the issue goes away, then it is a defect in whynopadlock.com's algorithm.

 

If you want to test the Optimizely library and not your variations, create a new empty snippet (create a new project) and examine that new snippet.