Properly Implementing SSL for SmarterTrack

Beginning with Google Chrome version 80, Google changed how the browser handles third-party cookies. This change could impact the accessibility of a SmarterTrack site and the Live Chat and Who’s On features. This is because both features require JavaScript code to be implemented on a website, or on multiple websites, for Live Chat and Who’s On to work. It’s this code that can be impacted with Chrome’s changes, especially when utilizing SmarterTrack’s multiple Brand support across multiple different domains.

Regardless of the changes made by Chrome, using SSL for your SmarterTrack portal and site, and all your external websites, is considered a best practice. Properly implementing SSL for the SmarterTrack installation, the domains being referenced, and the scripts generated by SmarterTrack are also considered best practices.

Problems That Can Occur Without SSL
  • If you have added SmarterTrack's live chat widget to your company website(s), the widget may not be visible to visitors accessing your site.
  • If you utilize SmarterTrack's Who's On feature to pull visitor data from your company website(s), Who's On data may not be returned properly to SmarterTrack.
As you probably know, cookies are small text files that contain information about your use of a website. These files can be used by advertisers and analytics firms to track users as they travel around the web, which can be troubling for some users. As such, the intent with this change, and future updates to Chrome and other browsers, is to protect user privacy by implementing changes to how third-party cookies are handled. Therefore, taking the steps outlined in this article will help ensure your site is accessible and working as expected, regardless of the browsers used to access your websites and SmarterTrack installations.

Single Domain Integrations
If your website and SmarterTrack site share the same domain – for example, domain.com is your website and SmarterTrack uses support.domain.com -- setting up SSL for both is important. This is because, at some point, you won't be able to function without it. Chrome is already warning users when they access a website that isn’t secured via SSL, and it will eventually start refusing connections to unsecured URLs entirely.

Multiple Domain Integrations (Multiple Brands)
If you’re using SmarterTrack to support multiple different Brands, across multiple different domains, using SSL across those websites as well as your SmarterTrack installation, and then referencing secured links in the JavaScript for features such as Live Chat and/or Who’s On, is imperative.

For example, you’re using domain.com for your website and SmarterTrack is using support.domain.com, but you also have myOtherDomain.com and myThirdDomain.com as well. Utilizing SmarterTrack’s multiple Brand support, you’re using Live Chat and/or Who’s On across all three of these sites.

With this type of set up, having SSL set up for all the domains is crucial. But since you’re using Live Chat and Who’s On for those other websites, you also need to ensure that the JavaScript code you’ve placed on those domains calls back to SmarterTrack using the proper, SSL-enabled URLs.

Steps to Take to Implement SSL Successfully
  1. FIRST AND FOREMOST: Be sure you’ve running the latest version of SmarterTrack, beginning with Build 7348. (If necessary, you may need to upgrade to that Build.) This is because there are necessary changes in that Build to accommodate Chrome's cookie changes. 
  2. If not done already, set SSL up for your Smartertrack domain. To make things easy, you may want to set up a wildcard certificate for your primary domain, which will secure that main domain and any sub-domains you use from it. (E.g., support.domain.com.) 
  3. Set up the same for any other domains you have, but particularly those domains that are used for in multiple Brand support in SmarterTrack. 
  4. Ensure that the Live chat and Who's On JavaScript code used for any website integration supports HTTPS.   
  5. Set things up to force SmarterTrack traffic over HTTPS.
With these changes to how you’ve set up your websites, and your SmarterTrack installation, you’ll be following best practices, your sites and SmarterTrack will interact properly, and you’ll be covered as browser manufacturers begin implementing more and more changes to protect user privacy.