HTTPS and security

LiftIgniter defaults to using the same protocol as the website. If the website uses HTTP, LiftIgniter will also use HTTP for cdn.petametrics.com, api.petametrics.com, and query.petametrics.com. If the website uses HTTPS, LiftIgniter will also use HTTPS for all three.

You can strengthen the security of your LiftIgniter integration by forcing the use of HTTPS even if your main site does not use HTTPS yet. Here is how you would do it.

Loading JavaScript via HTTPS

To load our JavaScript via HTTPS, you will need to replace the '//cdn.petametrics.com' in the snippet with 'https://cdn.petametrics.com'.

HTTPS for API and query endpoints

For each of our endpoints that you want to reach over HTTPS, you have to initialize with a config pointing to the HTTPS version of the endpoint.

Below is a sample JavaScript snippet that forces HTTPS for JavaScript and for all the API and query endpoints.

<script type="text/javascript">
// Ensures that our client code is updated.
(function(w,d,s,p,v,e,r) {w['$igniter_var']=v;w[v]=w[v]||function(){(w[v].q=w[v].q||[]).push(
arguments)};w[v].l=1*new Date();e=d.createElement(s),r=d.getElementsByTagName(s)[0];e.async=1;
e.src=p+'?ts='+(+new Date()/3600000|0);
r.parentNode.insertBefore(e,r)})(window,document,'script','https://cdn.petametrics.com/{JAVASCRIPT_KEY}.js','$p');
// Don't forget to REPLACE JAVASCRIPT_KEY for cdn url.

var customConfig = {
  config : {
    sdk : {
      queryServer: "https://query.petametrics.com"
    },
    activity : {
      activityServer: "https://query.petametrics.com"
    },
    inventory : {
      inventoryServer: "https://query.petametrics.com"
    }
  }
};
$p("init", "{JAVASCRIPT_KEY}", customConfig); // REPLACE JAVASCRIPT_KEY
$p("send", "pageview");
</script>
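
To confirm that a deployed page really pins every LiftIgniter host to HTTPS, you can scan its source for the three hostnames and see how each reference would be fetched. The following is an added example, not LiftIgniter code: the function names and the sample input are assumptions constructed for illustration.

```javascript
// Added example, not LiftIgniter code. Function names and the sample are assumptions.
// Matches an optional explicit scheme, then "//", then one of the three hosts.
// The lookahead rejects look-alike hosts such as cdn.petametrics.com.example.net.
const LI_URL = /(?:(https?):)?\/\/((?:cdn|api|query)\.petametrics\.com)(?![\w-]|\.[\w-])/gi;

// Returns one finding per reference to a LiftIgniter host found in `source`.
// `pageProtocol` is the embedding page's protocol, e.g. "http:" (location.protocol).
function auditLiftIgniterUrls(source, pageProtocol) {
  const pageScheme = pageProtocol.replace(/:$/, "").toLowerCase();
  const findings = [];
  for (const m of source.matchAll(LI_URL)) {
    const explicit = m[1] ? m[1].toLowerCase() : null;
    findings.push({
      host: m[2].toLowerCase(),
      written: explicit ? explicit + "://" : "//",
      // A protocol-relative reference inherits whatever the page uses.
      effectiveScheme: explicit || pageScheme,
      // Only an explicit https:// survives a page served over HTTP.
      pinnedToHttps: explicit === "https",
    });
  }
  return findings;
}

// References that can still go out unencrypted on an HTTP page.
function unpinned(findings) {
  return findings.filter((f) => !f.pinnedToHttps);
}

// Constructed sample: protocol-relative loader URL plus one HTTP and one HTTPS endpoint.
const SAMPLE_SNIPPET = [
  "(function(w,d,s,p,v){/* loader */})(window,document,'script','//cdn.petametrics.com/{JAVASCRIPT_KEY}.js','$p');",
  "var customConfig = { config: {",
  '  sdk: { queryServer: "http://query.petametrics.com" },',
  '  activity: { activityServer: "https://query.petametrics.com" }',
  "} };",
].join("\n");

for (const f of unpinned(auditLiftIgniterUrls(SAMPLE_SNIPPET, "http:"))) {
  console.log(`${f.host}: written as ${f.written}, loads over ${f.effectiveScheme}`);
}
```

An empty result from unpinned() means every reference in the scanned source names https:// explicitly, regardless of how the page itself is served.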

Performance implications of HTTPS

Using HTTPS causes a slight increase in end-user latency due to an increase in the number of round trips. In our experience, switching to HTTPS increases latency by a few hundred milliseconds and increases client timeouts by about 50% (from 0.5% to 0.75% in one time interval we measured). The precise numbers will depend heavily on the geographical location, device type, and connection quality of your users, and on how new they are (users will see fewer timeouts later in the same session because session tokens are cached).

HTTPS for LiftIgniter Lab

The LiftIgniter Lab is currently available via both HTTP and HTTPS. Unencrypted HTTP support for the Lab will be deprecated soon, so that all connections will be redirected to HTTPS. Until then, we recommend using HTTPS for the Lab by explicitly typing https://lab.liftigniter.com.