It also happens when you have 'Never remember history' in the History settings, which technically acts as the private browsing mode. CNAME alias won't work if your site is loaded over HTTPS, because of the SSL certificate mismatch. The only solution we've found is to proxy all the communications with your marketo subdomain through your domain. We use mod_rewrite + mod_proxy for this purpose, here is the example .htaccess for apache 2.2:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteRule ^js/forms2/(.*) http://app-sjint.marketo.com/js/forms2/$1 [P,L]
RewriteRule ^form/getForm http://app-sjint.marketo.com/form/getForm [P,L]
RewriteRule ^form/getKnownLead http://app-sjint.marketo.com/form/getKnownLead [P,L]
RewriteRule ^index.php/leadCapture/save2 http://app-sjint.marketo.com/index.php/leadCapture/save2 [P,L]
</IfModule>
then, to include the forms2.js from your domain:
<script src="//company.com/js/forms2/js/forms2.min.js"></script>
<form id="mktoForm_1234"></form>
<script>MktoForms2.loadForm("//company.com", "XXX-XXX-XXX", 1234);</script>
But with this approach user cookies are not proxied, so ideally you should use this method as a fallback only, the full example is at Solution to Embedded Marketo Forms Not Showing Up in Firefox - Quora
.png)