Steps to apply script to pages on your website:
  1. Log into your website content management system
  2. Access “HTML edit mode” for a web page where you have an Online Express code snippet embedded
  3. Locate where the Online Express code snippet has been embedded 
  4. Locate the last line in the Online Express code snippet (it’s a closing </script> tag)
  5. On a new line, immediately below the last line of the Online Express code snippet, paste the following:
    <div id="TLSMessage"></div>
    <script type="text/javascript">
    (function () {
        var userAgent = window.navigator.userAgent.toLowerCase();
        var warningMessage = 'Your browser or operating system is out of date. In order for us to process your form securely, you must ensure that your operating system and browser are upgraded to the latest version. Checking that your operating system and browser are fully up-to-date is the best way to protect your form submission and guarantee it is processed safely. You can find a full list of compatible browsers and operating systems <a href="https://www.blackbaud.com/security/pci-compliance/upgrade/os-browsers">here.</a>';
        var supportForTLS = false;    
        // Internet Explorer 11 and lower (MSIE test)
        if (userAgent.indexOf('msie ') > -1) {
            userAgentVersion = Number(userAgent.split('msie ')[1].split('.')[0]);
            if (userAgentVersion > 10) {
                supportForTLS = true;
            }
        // Internet Explorer (some versions, but checking for 11+) (Trident test)
        } else if (userAgent.indexOf('trident/') > -1) { //Internet Explorer (by Trident if MSIE is missing)
            var tridentVersion = Number(userAgent.split('trident/')[1].split('.')[0]);
            if (tridentVersion > 6) {
                supportForTLS = true;
            }
        // Chrome, Edge and Safari
        } else if (userAgent.indexOf('applewebkit/') > -1) { 
            userAgentVersion = Number(userAgent.split('applewebkit/')[1].split('.')[0]);
            if (userAgentVersion > 536) {
                supportForTLS = true;
            }
        // Firefox
        } else if (userAgent.indexOf('firefox/') > -1) { 
            userAgentVersion = Number(userAgent.split('firefox/')[1].split('.')[0]);
            if (userAgentVersion > 26) {
                supportForTLS = true;
            }
        // Opera
        } else if (userAgent.indexOf('opera/') > -1) {
            userAgentVersion = Number(userAgent.split('opera/')[1].split('.')[0]);
            if (userAgentVersion > 13) {
                supportForTLS = true;
            }            
        }
        if (!supportForTLS) {   
            document.getElementById("TLSMessage").innerHTML = warningMessage;
            var bboxFormPrefix = /^bbox-root/;
            var els = document.getElementsByTagName('*');
            for (var i = 0; i < els.length; i++) {
               if (bboxFormPrefix.test(els[i].id)) {
                  els[i].style.display = "none";
                  break;
               }
            }
        }    
    } ());
    </script>
  6. Save and publish your page
  7. ​Repeat the above steps for any additional pages on your website in which you have embedded Online Express web forms

For further information regarding PCI 3.1 and Online Express, please refer to How is Online Express impacted by PCI 3.1 and TLS 1.1 requirements?.