Create a website

Try UGAL for free for 30 days

No commitment, no credit card required


Securing sensitive pages with https

January 19, 2015


UGAL was just updated with a security related update, and all requests for pages containing sensitive information are now secured with https.

Requests for sensitive pages on your custom domain name (eg are now automatically redirected to their secure version hosted on a sub-domain of (eg

Using https is important

When using a secure https connection, the information exchanged between web servers and web browsers is encrypted and cannot be decrypted by someone listening to the traffic between them.

For example, if you were to use http to login to a website from a public place, anyone in the same public place could easily "listen" to the traffic and grab your password that was sent in clear over http.

When using https, your password is encrypted by your web browser and can only be decrypted by the server that receives it. Anyone "listening" to traffic would then only be able to intercept the encrypted version of your password, which is of no use.

Securing sensitive pages only

Most of the pages on your website are made to be public, so serving them over http is not a security issue and only the following sensitive pages of your website are secured with https:

  • Your website login page at and the user account management pages at
  • Your online shop checkout pages at
  • Your UGAL account management pages at

All the other pages of your website are served with standard http.

Contact us !

The update requires that user data (eg shopping carts) is shared between different domains ( and We use cookies for that, and since cookies cannot be shared between domains (for security reasons!), we had to implement tricks based on redirects between http and https pages to make it work.

Please contact us as quickly as possible in case you notice issues with our implementation.

To a more secure 2015 !

Create a website

Try UGAL for free for 30 days

No commitment, no credit card required

Newsletter subscription