HTTP vs. HTTPS
Implementing Web Push for HTTP and HTTPS websites (Chrome, Firefox, Safari)
iZooto supports two different underlying technologies for customers looking to integrate push notifications on their websites. These technologies are called the HTTPS SDK and the HTTP SDK.
Customers that have more control over the technology used to build their websites will typically support our HTTPS SDK, whereas customers that use website builder software such as Shopify or Blogger often must use our HTTP SDK.
Recommendation: We recommend new customers to always use the HTTPS SDK if their website supports it.
Using push notifications with our HTTPS SDK has the following benefits that are not available when using our HTTP SDK:
- Clarity - Push notifications are seen as officially coming from your domain name, rather than
yoursite.iz.do. This may help reduce confusion with some users.
- More subscribers - Users need to go through one less step to subscribe to notifications, meaning less friction to subscribe.
- More options - You may directly trigger the Browser Permission Request on the page users are on.
- More flexibility - Users may be migrated from one push provider to another.
Recommendation: Before using the HTTP SDK, it is recommended that customers first check if they can upgrade their website to meet the requirements for using the HTTPS SDK. We recommend using the HTTP SDK only if you cannot use the HTTPS SDK.
The following are some reasons why you may not be able to use our HTTPS SDK:
- Some HTTPS website producers do not allow uploading files to the root directory, which is required to use the HTTPS SDK. These providers include (but are not limited to): Shopify, Blogger, Drupal, Squarespace, Weebly, OpenCart, and others.
- Not all websites use HTTPS exclusively. Some websites use a combination of HTTP and HTTPS (for example, some shopping websites), and the iZooto HTTPS SDK requires exclusive use of HTTPS.
- Not all websites use HTTPS at all. Some websites only use HTTP.
Limitations of the HTTP SDK
The iZooto HTTP SDK allows website operators to work around the limitations of their website technologies to offer push notifications when they otherwise could not. The capabilities of the iZooto HTTP SDK are somewhat limited relative to our native HTTPS SDK, which is why we encourage customers to use our HTTPS SDK when possible. The effects of these limitations are as follows:
- Less clarity - Push notifications do not come from your own domain, and instead come from iZooto's sub-domain, like,
- Fewer subscribers - Users must always go through an extra step to subscribe, clicking on a button in a pop-up window that is displayed after they opt-in to notifications in order to become subscribed.
- Less flexibility - Users cannot be migrated away from iZooto.
Upgrading Websites to the HTTPS SDK
Some customers may wish to switch from the HTTP SDK to HTTPS SDK to gain the user experience benefits of the HTTPS SDK. The only requirement to upgrade is that your website must only support HTTPS and must be able to upload files to the root directory of the website.
You need to ensure that the HTTP version of your website is still not accessible. If users visit your HTTP website after you have started using our HTTPS SDK, they will not be able to subscribe.
How to Upgrade
Once your website is upgraded to HTTPS and the HTTP website redirects to the HTTPS website (HTTP website is no longer accessible), reach out to your iZooto Account Manager or [email protected] for the next steps. We will help you to get the HTTPS SDK implemented on your HTTPS website.
What website technologies require the HTTP SDK?
Several website builders must use the iZooto HTTP SDK because these technologies do not allow files to be uploaded to the root directory of the website. These website builders include:
- Some WordPress implementations
- Some Drupal implementations
- Some Joomla implementations
- Some Magento implementations
How does iZooto support HTTP sites, if push notifications require HTTPS?
Web push notifications actually do not support HTTP websites at all. We have created a workaround for this issue by sending notifications from a sub-domain of our website
.iz.do, which is an HTTPS website. The push notifications are officially sent from
yoursite.iz.do. Due to browser restrictions, our workaround requires a pop-up to be shown, since users are actually subscribing to
yoursite.iz.do. As long as you are using our HTTP implementation, this will always be true and a pop-up will always be required.
How can I get an HTTPS Certificate?
If you are looking for a free and easy way to add SSL to your website, you can use CloudFlare's Flexible SSL option. You do not need to buy an SSL certificate, but if you would like to be more secure, you can.
How do I redirect users to my HTTPS site?
If you are using CloudFlare, you can forcefully redirect all HTTP visitors to HTTPS.
Updated 11 months ago