Prefill is not supported on embedded forms. This was a decision made when forms 2.0 was implemented.
There is a blog on a developer site about how to make prefill work with embedded forms:
Additionally, I recommend you call go vote and comment on this idea to bring it back to people's attention:
Here is the product team's official stance on this:
For pre-fill to work on embedded forms, it requires a publicly accessible API that retrieves lead information, which can include personally identifiable information such as email addresses, mailing addresses, names, and phone numbers. For us to make enable pre-fill on embedded forms in a responsible manner, we need to make certain that the API is created in such a way that it’s acceptably protected from brute force attacks that could allow an attacker to retrieve information about all leads by guessing Marketo cookie values, as well as making certain that the API doesn’t expose leads to XSS (cross-site script) attacks that could be used by an attacker to steal a lead’s info when they visit the attacker’s site. These issues doesn't exist when the form is on a Marketo landing page because we process the content of the page on our servers and there is no API exposed publicly.
This is 100% on our roadmap and we know how much customers would like this...it just requires a very thorough review by our internal security team. I plan to work on this next year.
Justin Cooperman - Back in 2014 you said "This is 100% on our roadmap and we know how much customers would like this...it just requires a very thorough review by our internal security team. I plan to work on this next year." Did anything change in the intervening time? I have a client using embedded forms and on some of them prefill works but on others it doesn't. I suspect a developer implemented a workaround for them on the pages where it works and that nothing has changed for the "out of the box" embedded forms. Would you please confirm either way?
Over the last year, our team's focus around munchkin and forms experiences has been to ensure GDPR compliance and "privacy by design" of the existing functionality. We've made a few security improvements and we do still have a few more we're making. Once we get that all wrapped up, there's a PM working on a few forms enhancements like this one. The API workaround Sanford published is a nice approach for the time being. But, make sure whatever you deploy aligns with your team's internal GDPR stance as well.
Did I publish it yet?
It's actually going open-source today:
(Doesn't use the API, for sure.)
I think you guys both follow so I'm trying to get it out for the 6pm email digest today. If not, then it'll be up tonight and in the email tomorrow.