SSL security

What is SSL?

SSL, or “secure sockets layer”, is security encryption technology used on lots of websites to prevent bad people on the internet from stealing or intercepting info submitted via online forms.

In general, sites covered with SSL protection start with the prefix https:// instead of simply http://. You might also notice a lock icon in the address bar of your browser on SSL-protected sites. 🔒

Does my shop have SSL?

Yes! Big Cartel addresses (the ones that include in the URLs) are fully SSL encrypted from top to bottom.

There are a couple of exceptions right now:

  • If you use a custom domain URL with your shop, it will not be SSL encrypted (except for the checkout which is always covered by SSL). However, built-in support for custom domain SSL is coming very soon across the board. If you use a custom domain with your shop currently, contact us for help with getting opted in for SSL.
  • If your shop has unsecured assets like images, Javascript or CSS included in the theme or product descriptions, we don’t force SSL (except for checkout which is always covered by SSL). Once you secure your assets, you can contact our support team to get opted in.

What about SSL certificates from my custom domain provider?

We don’t support file uploads to our servers, so there isn’t a way to install a third-party or custom domain SSL certificate in a Big Cartel shop. Soon, all stores with custom domains will automatically get an SSL certificate generated by us via Let’s Encrypt, so you won’t need to do anything extra (or spend any extra 💸) to get site-wide SSL.

For now, your checkout and all the pages located at URLs will always be covered automatically by SSL protection as described above, and no sensitive data is ever transferred without that layer of security.

Help, I don’t see SSL encryption in my store!

If you visit your store at your Big Cartel URL ( and don’t see the lock icon 🔒 in your address bar, or see a “mixed content warning” about unsecure content on a page, that means unsecured assets were detected in your theme. In other words, those custom files you added are located a http:// prefixes and not the secure https://.

To fix that, here are some things to look out for and what to do:

  • Are you using a custom theme that uses externally hosted, “unsecure” Javascript or CSS files? Make sure to upload those files to a secure host like Dropbox, or get in touch with your theme provider for help with uploading them to new https:// locations and updating your theme code.
  • Do you have any externally uploaded images added to product descriptions or in custom pages that aren’t hosted at secure links? You’ll need to upload your files to a secure host like Postimage or Pasteboard and update the image links to reflect the new https://-friendly addresses.
  • Still stuck? Feel free to reach out to our support team and we can lend a hand.
Contact Big Cartel

Can't find what you're looking for?

Contact us for more help

Heads up! You're using an unsupported older browser. Click to learn how to update it.