Question about SSL Certificate for MKTO Forms on 3rd party pages

Highlighted
Level 6

Question about SSL Certificate for MKTO Forms on 3rd party pages

I have a question about SSL Certificates as it pertains to the upcoming Google Chrome update.

If you have a MKTO form on a third party webpage that is secured, do you still need to make sure you get the actual MKTO form secured as well or does it not matter at that point?

Thanks!

4 REPLIES 4
Highlighted
Marketo Employee

Re: Question about SSL Certificate for MKTO Forms on 3rd party pages

If you use the standard embed code, you do not need SSL for Marketo.  If you iframe the form on a Marketo landing page, you will need SSL.  If you change the form embed code to load the form script via your landing page endpoint, you will also need SSL.

Highlighted
Level 10 - Community Moderator

Re: Question about SSL Certificate for MKTO Forms on 3rd party pages

The answer is more complex than just Yes/No.

Marketo always offers an SSL-secured domain, https:​//<Your Pod URL>.marketo.com, from which you can load embedded forms.

However, when browsers have tracking protection enabled they may prevent any communication with *.marketo.com. Even though form fills themselves don't constitute tracking, they get blocked in the same way.

As a result, the strong recommendation for awhile has been to use a custom Landing Page domain instead of the *.marketo.com domain. And in order for that to work from SSL sites, the LP domain needs to be secure as well (you need to enroll in Marketo's SSL service).

Furthermore, due to recent changes in Safari, we are no longer recommending that you use the Primary LP Domain, but rather to register a secondary Domain Alias to load forms. So if your Primary LP Domain is pages.example.com, use pages.example2.info as your forms domain.

Highlighted
Level 2

Re: Question about SSL Certificate for MKTO Forms on 3rd party pages

Sanford Whiteman​ - regarding this:

Furthermore, due to recent changes in Safari, we are no longer recommending that you use the Primary LP Domain, but rather to register a secondary Domain Alias to load forms. So if your Primary LP Domain is pages.example.com, use pages.example2.info as your forms domain.

Do you have a link you can share with the change in Safari? This means adding a new domain to Marketo, only to use for form embeds, is that right? We are currently using our main LP domain on our site embeds, but haven't noticed any issues.

Side question - do you know of any other way to secure domains besides the Marketo SSL service?

Update: I found this that answers my last question: SSL certificate clarification

Highlighted
Level 10 - Community Moderator

Re: Question about SSL Certificate for MKTO Forms on 3rd party pages

Do you have a link you can share with the change in Safari? This means adding a new domain to Marketo, only to use for form embeds, is that right? We are currently using our main LP domain on our site embeds, but haven't noticed any issues.

It takes a lot of testing to trigger the behavior, and over time (not just on one day). You can read more at Intelligent Tracking Prevention 2.0 | WebKit.