HTTPS Activation For All Surveys
Some time ago, we changed SmartSurvey so that by default all newly-created surveys would have HTTPS (TLS 1.2+) security activated by default, and a few weeks ago we removed the option to disable SSL on surveys.
From March 1st, we will be starting the process of ensuring all SmartSurvey surveys use secure browsing by changing all live surveys to use HTTPS. This will be the start of a staggered rollout to make all SmartSurvey surveys use HTTPS.
For more information about what this means, read on.
What is HTTPS?
HTTPS is a term that’s currently used to refer to technologies allowing secure internet browsing, where data moving in either direction between a website and the user interacting with it is encrypted. Websites that are secured with HTTPS have addresses that start https:// instead of http:// and a padlock icon is shown in the address bar to show that traffic to and from that website is secure.
Why is this change happening?
The organisations that oversee internet standards have been recommending that all traffic to and from websites uses HTTPS for a couple of years now. This recommendation has led to modern browsers being programmed to show warnings and blocking messages when the person using them navigates to a page that doesn’t use HTTPS. These warnings are getting more severe as time goes on and are intentionally difficult to get past. This change is to ensure a smooth and secure experience for all respondents.
Will my surveys still work?
To prevent Survey respondents being blocked from SmartSurvey surveys, we already made HTTPS the default setting for surveys a couple of years ago. This means that for the vast majority of surveys, nothing at all will change. All tracking links to surveys will work as before – with anyone clicking an http:// tracking link being taken to the https:// version automatically. However, If you have any live surveys with insecure content, it might be a good idea to quickly check them.
The most likely issue that may arise is where surveys use externally-hosted content. Browsers will throw a warning when a page is using an https:// link but includes sub-elements that are not. Most frequently, this is caused by images.
If this happens, how can I fix it?
There are two ways to correct this. The first is to replace any externally-hosted images with images hosted via our file library. The second is to ensure that any server you may use to host content is secured via SSL, and that URLs in the survey content that direct to that content start with https://.