Re: Full Referrer URL from Website Page to Marketo LP Form Submit

Thank you for your insight. I believe our team does not want to use UTM links as they do not want to maintain and keep track a list of links where this LP may link from, which is where the question came from on how we could capture which of our website page they were on before they arrived to our Marketo LP and what we need to do in order to set that up.  So now I am tasked with trying to find a way we could pass the URL to our sales group on the page they came from.

In your suggestion on having the default policy overridden to allow referrer URL shared, where would that need to happen? Website side? Do you have any other suggestions on how we could achieve the behavior we want on capturing the website page they came from before the Marketo LP and form submit?

Provide an actual URL on the source site (your website) and we can tell you whether the referrer is forwarded. As Darshil says, it likely isn’t because that’s the secure browser default.

If it needs to be changed, it would be changed by your web team. You can’t, by definition, override security measures on the target site (the Marketo LP domain)!

Hi Sandford,

I agree, it probably isn't updated on our end and left as default. Been reading some of your suggestions on the community, but most use cases are getting the webpage URL from Marketo form embed. As our use case is website page to Marketo LP and form submit, any other recommendations on how we could achieve the desired outcome of being able to capture the website product page they were on before they clicked link to our Marketo LP and submitted a form?

Thank you!

I agree with Sandy’s suggestion. Since you don’t want to keep track of all the places where this page is linked to add UTMs everywhere, I think the latter option would be a better choice. Also, since you have a hop from your website to Marketo LPs, you would not be able to access the cookies across different domains even if you skillfully store the current page’s URL in a cookie so it can be accessed and potentially used to autofill a hidden field on the form on the Marketo LP.

Do we know it’s a different domain (using cookie semantics)? We know it’s a different origin but that’s different.

Hmm, true! @Liz_Nguyen1, could you please clarify whether different domains are involved or not?

Hello! Thank you all for your insights.

It would be from our main website domain (idc.com) to the Marketo LP (info.idc.com) as our use case. I've included two links as an example and would like to confirm that if we were to go with Sanford's #2 suggestion with marking up the <a> tag with the correct referrer policy will it actually work with our domain setup.

Website page: (there is a Contact Us button linking to Marketo LP) 

Marketo LP: 

Which is currently UTM tagged, which potentially opens up the conversation of adding in another parameter to capture webpage details to pass onto the form and add that value to a field, where we could add into an alert email.

However, if our setup could let us utilize option #2, we may go that route.

Appreciate the help on this and the recommendations!

Hi @SanfordWhiteman or @Darshil_Shah1 ,

We had a few additional questions that popped up when discussing the options you had suggested.

With regards to the referrerpolicy="unsafe-url" as you mentioned it is the easiest to rolle-out and can be used with any domain so our current setup means we can use this method. However, could you confirm if using "unsafe-url" would open us to any potential risks/threats, if so we would want to evaluate other options. If we did go with this method, the would we only need to update the <a> tag wherever we link from website to Marketo LP (on a link by link basis)? Also wondering how do we store the URL we receive from the referrerpolicy into a field where we could later use in an alert email. Could you break down the steps needed?

With the other method of using UTMs, this means we would need to create another utm field within our instance, correctly tag the link with UTM parameter and value, then have the form auto-fill that value from the UTM parameter?

As Darshil confirmed, we could share cookies between the two webpages as they share the same private domain. Would this require dev work from a developer? I am not an expert so trying to better understand our options. 

Thanks again, appreciate the insights on this!

AFAICT, when referrerpolicy="unsafe-url" is used, the full URL of the referring page will be included in the Referer header when navigating to the target page. This can potentially leak sensitive information, such as private user data or authentication tokens, to the target site or third-party servers if those are ever included as a part of the URL. I'll let Sandy pitch in and confirm as well. 

---

how do we store the URL we receive from the referrerpolicy into a field where we could later use in an alert email. Could you break down the steps needed?

 

 

---

I believe you can use form JS to write the referrer URL to a hidden field added in the Marketo form, and then use that field as a token in the email. If you just want to grab the parameters in the referral URL, you can use the OOTB autofill hidden field with the respective referrer parameter instead of using JS to grab the URL, and then get UTMs out of it (See this documentation).

Hi Sanford,

If going with the referrerpolicy option, do we also need to have a new field created to store this value so we could add the value into an alert email?

Two different domains (e.g. example.com and subdomain.example.com) can only share cookies if the domain attribute is present in the header:

Set-Cookie: name=value; domain=example.com

Of course, the domain attribute must domain-match the request URL to be valid, which means it must be the request domain or a "parent" domain. This cookie would then be sent for example.com and any subdomain of example.com, including nested subdomains like subsub.subdomain.example.com.

With this background, and given that the parent domain is same in your case (idc.com) I think you could explore the option of setting the current URL in the cookie with domain=idc.com and then using it to autofill in the form's hidden field on the pages.idc.com page.