You must now host all Stripe payments on a HTTPS site. If you don't do so, your ResDiary widget will not be able to take payments and will redirect to your secure ResDiary microsite. See below for why this is important for your business.

By ResDiary | Published on January 19th, 2017

People often ask us how can they enter their credit card details on a website or booking widget, giving personal information, and feel confident that their data is secure? This is a very important question facing all restaurateurs taking online payments.To safeguard your online bookings, especially if you take payments or take credit card details for reservations, it is crucial that your website is secure. How do you make your website secure? The answer lies in switching your website from HTTP to HTTPS, something you must now do in order to use a ResDiary widget. If your connection is not secure, your widget will automatically change to a ResDiary Book Button, redirecting to our secure microsite.

 What is HTTP & HTTPS?

HTTP (Hyper Text Transfer Protocol) is an online procedure for exchanging information between two computers. Any information that is sent over HTTP can be intercepted and read by a third party. For customers sending their credit card details to you, sending said details via HTTP is a security risk and will create a barrier to booking on your site.

The addition of HTTPS ( Hyper Text Transfer Protocol Secure) to your website means that any data exchanged between two computers is encrypted so even if the transaction is intercepted by a third party, it cannot be read.

How do I change my website from HTTP to HTTPS?

See our article on changing over here.

I use a widget for my bookings. Is that secure?

The ResDiary booking widget always uses HTTPS. However, our payment provider Stripe now says that you must host all payments on a HTTPS site. This means that if your site is not HTTPS, your booking widget will not work for payments. Until you change this over, it will automatically redirect to your microsite via a ResDiary book button.

How do you safeguard online payments?

The payments of deposits and secure storage of credit card details via ResDiary Guarantees (aka tokenization) are all processed securely via Stripe. Stripe is the leading international payment provider giving you and your customers ultimate protection and peace of mind.

Please note: Google Chrome Autofill

If a customer is viewing an HTTP site on Google Chrome and uses autofill functions to fill in their credit card details, Chrome will warn them about an insecure connection through the booking process. This will definitely result in a high level of abandoned bookings where the booking requires credit card details or payments.

To overcome this, you must make the following changes to your website:

  • Change the iframe src property on the restaurant website to use https e.g.
    <iframe frameborder=”0″ src=”” allowtransparency=”true” style=”width: 300px; height: 460px”></iframe> AND
  • Change the restaurant website to https and install the correct ssl certificate on the server.Ensure that this is done for all pages on your site, particularly the page that contains the booking widget.
  • OR re-direct from the restaurant website to the restaurant’s own (free) mobile optimised web page on

Only once both of those things are done will users be able to use Google’s autofill for CC details. Otherwise Chrome will warn about an insecure connection. Just doing point 1 above is not enough and only doing point 2 will mean the widget iframe will not load.

Useful links for more on best practices when using HTTPS

  • ResDiary Stripe announcement. Learn More
  • From Google Support ‘Secure Your Website with HTTPS’ Learn More
  • Ignite Visibility – ‘Guide to switching from HTTP to HTTPS for SEO’ Learn More
  • designModo- ‘How to Move a WordPress Website from HTTP to HTTPS’ Learn More
  • There’s almost no excuse for restaurants to not have https now. There’s a free service available that can grant certificates so they don’t need to pay for them: A restaurant can install a simple tool on their website  that handles their certificates and renewals  for them automatically.