How to defer loading of a Norton Secure Site Seal?

Asked 14/2, 2013 at 10:43 Answered 10/12, 2014 at 14:5

javascript ssl symantec deferred-loading norton

I am displaying a Norton Secure Site Seal in a website and I would like to improve the page speed deferring the loading of the seal script. All the tries I've done failed and I found only this page where this is mentioned (link). Has anyone ever found a good workaround for this?
The deferred code I'm using to run my other scripts looks like this:

<script type="text/javascript">(function(d, s) {
    var js, fjs = d.getElementsByTagName(s)[0], load = function(url, id) {
        if (d.getElementById(id)) {
            return;
        }
        js = d.createElement(s);
        js.src = url;
        js.id = id;
        fjs.parentNode.insertBefore(js, fjs);
    };
    load('/js/scriptone.js', 'one');
    load('/js/scripttwo.js', 'two');
    }(document, 'script'));
</script>

In case you want to have a look to the site seal initialization script: (I'm using the flash animated seal)

<script type="text/javascript" src="https://trustseal.verisign.com/getseal?host_name=www.undisclosed.com&amp;size=S&amp;use_flash=YES&amp;use_transparent=YES&amp;lang=en"></script>

obviously this will only display correctly in my website and I opted to change the domain name for privacy. I really want to avoid using iframe and if you find relevant I am also loading jQuery

Merrillmerrily answered 14/2, 2013 at 10:43 Comment(4)

Just wondering, what is the point of displaying that sort of seal? – Raving 14/2, 2013 at 12:27

@Raving it improves conversion rate – Clamatorial 16/4, 2013 at 13:55

@FullDecent conversion to what? These seals can easily be forged and don't prove anything. – Raving 16/4, 2013 at 14:0

Conversion of people browsing the site to money in the bank. Forging is an option and also increases conversion. Forging can bring an unlikely risk to the business. – Clamatorial 16/4, 2013 at 18:17

This is killing my business too. Seriously... +2 to +20 seconds per page load. AFYS?

We are switching to hosting the image locally but still linking to the original URL on Norton. Don't do this. Mark this answer down. It's wrong. It's illegal. But it's practical.

https://trustsealinfo.verisign.com/splash?form_file=fdf/splash.fdf&dn=WWW.EXAMPLE.COM&lang=en

UPDATE:

Real solution is to:

Call 877-438-8776, x2, x1
Tell them seal is slow and you have > 10,000 visits per day on your site
They give you media kit to install on your own site

Clamatorial answered 16/4, 2013 at 14:12 Comment(4)

If this is killing your business, why bother showing the seal at all? The fact that you can host the media kit yourself on your site is a good indication that it's worthless. It seems that by adding this seal, you're merely advertising the CA for free. – Raving 16/4, 2013 at 15:7

It kills business more to not have the seal. I live by Google Analytics experiments. – Clamatorial 16/4, 2013 at 18:16

Fair enough. It's a pity that some people (presumably CAs) seem to have managed to deceive some users into thinking this seal was somehow improving their security. – Raving 16/4, 2013 at 19:51

It does prove more than showing the certificate because if you click the link you can see the results of security scans through https from norton, but you're right just the image of the badge proves nothing – Tintoretto 26/2, 2015 at 13:4

If you look at the code, they are using document.write.

The way I handle this is the following

document.write = function(s) {
    document.getElementById('seal-wrapper').innerHTML += s;
}

Of course this is a very simple hack which only works when there's a single script which uses document.write and you know where you want it to be written to.

Timbuktu answered 14/2, 2013 at 10:52 Comment(1)

nice tip. will let you know if it worked and if I'll be happy to change "document.write" – Merrillmerrily 14/2, 2013 at 11:37

I've tried to load seal into a iframe and then put it to where it's intended to be. It works for me. With the help of jQuery. Here it is:

Create .js file (I called it hackseal.js)

$(function () {
    if (typeof(vs_hack) !== 'undefined') {
        return;
    }
    vs_hack = true;
    var iframe = document.createElement('iframe');
    var html = '<script src="url_to_verysign" type="text/javascript"></script>';
    iframe.style.display = 'none';
    document.body.appendChild(iframe);
    iframe.contentWindow.document.open();
    iframe.contentWindow.document.write(html);
    iframe.contentWindow.document.close();
    iframe.onload = function () {
        var copy = ['dn', 'lang', 'tpt', 'vrsn_style', 'splash_url', 'seal_url', 'u1', 'u2', 'sopener', 'vrsn_splash', 'ver', 'v_ua', 're', 'v_old_ie', 'v_mact', 'v_mDown', 'v_resized'];
        for (var copy_i in copy) {
            window[copy[copy_i]] = iframe.contentWindow[copy[copy_i]];
        }
        $('script#seal-sign').replaceWith(iframe.contentWindow.document.body.innerHTML);
    }
});

Change the original code from this

<script type="text/javascript" src="url_to_verysign"></script>

to this

<script id="seal-sign" type="text/javascript" src="url_to_hackseal.js"></script>

Quanta answered 10/12, 2014 at 14:5 Comment(0)

Recommended topics

Hot tags