Re: Chrome security warnings

Steph_Anderson
Level 4

Chrome security warnings

We received a notice from Google that our URLs will trigger a security warning. Does anyone know if this also includes our Marketo landing pages, or just our main website? Do we need to purchase a Marketo SSL Landing Page Security Package to avoid this?

Below is the message we received from Google.

"Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.

The following URLs on your site include text input fields (such as < input type="text" > or < input type="email" >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive."

TIA

10 REPLIES 10
SanfordWhiteman
Level 10 - Community Moderator

Re: Chrome security warnings

If you embed Marketo forms on a secure 3rd-party page (i.e. if your main website is secure) with the standard embed code, then you won't have the warning.

If you don't secure your Marketo LP domain, then you will have the warning when you use named or embedded form elements there.

SanfordWhiteman
Level 10 - Community Moderator

Re: Chrome security warnings

Do we need to purchase a Marketo SSL Landing Page Security Package to avoid this?

(Yes, or you can run LPs via your own CDN to avoid the SSL onboarding and ongoing fees.)

Anonymous
Not applicable

Re: Chrome security warnings

I'm looking in to this, as well.  Can you expand on what you mean by "run LPs via your own CDN"?  Is there a way to utilize Marketo LPs without hosting them on the Marketo LP domain for our organization?

SanfordWhiteman
Level 10 - Community Moderator

Re: Chrome security warnings

Can you expand on what you mean by "run LPs via your own CDN"? Is there a way to utilize Marketo LPs without hosting them on the Marketo LP domain for our organization?

Yes, you can serve Marketo LPs via a 3rd-party CDN such as Amazon CloudFront. I wouldn't have any reason to recommend this were it not for the $$$ Marketo charges for SSL support.

Casey_Grimes
Level 10

Re: Chrome security warnings

Does that work without incident, though? I was toying with the idea on another CDN that offers free SSL but figured it was too good/easy to be true.

SanfordWhiteman
Level 10 - Community Moderator

Re: Chrome security warnings

Works great! I don't do it to avoid the cert cost, as we usually already have the wildcard cert, but the onboarding and ongoing costs.

(IMO we need to put more pricing pressure on Mkto. Maybe $500 one-time and $500/yr is worth it for the reduction in moving parts, but not what it is now.)

Lisa_Heay2
Level 3

Re: Chrome security warnings

Not Marketo related as much, but do you have a sense of the necessity to have LPs secure?  My thinking is that HTTPS is helpful for search, but our Resource landing pages don't rank (at least highly).  They are typically accessed from internal links from our site or blog posts (which is secure) or an email link.  I'm trying to understand the impact if we leave our Marketo LPs as-is.

SanfordWhiteman
Level 10 - Community Moderator

Re: Chrome security warnings

Not Marketo related as much, but do you have a sense of the necessity to have LPs secure? My thinking is that HTTPS is helpful for search, but our Resource landing pages don't rank (at least highly). They are typically accessed from internal links from our site or blog posts (which is secure) or an email link. I'm trying to understand the impact if we leave our Marketo LPs as-is.

Well, as in the thread topic, there's the cosmetic concern that pages will soon say "Not Secure"  up in the left-hand corner. The impact on conversions is unknown at this time.

Agreed that if you're not worrying about search, then Google's preference is a red herring.

I look at things (as probably know from reading my rants here) from a risk and security perspective that few in martech share. It depends on the type of company you work for, but when I look at how easy it would be to hijack an insecure link and send it to a phishing domain, it's impossible for me not to see that as A Bad Thing.

Also, on an analytics level, if anyone links to your LPs from a secure page, unless they take special measures (few do) you won't see the referrer, since that's not sent from https to http pages by default. But if this almost never happens with your LPs it may not be a big deal (though sometimes you want to know that one blog that loves you!).

I would categorize the SSL decision as "Better safe than sorry" (even when it comes to the Chrome warning, surely it would be better to not have to worry about it) ​but Marketo's pricing is so high it can make you reconsider what should be a no-brainer. That's why I recommend using a CDN until they get their act together on that.

Lisa_Heay2
Level 3

Re: Chrome security warnings

Thanks for your insight!