Re: If our landing pages are SSL encrypted, are our forms encrypted as well?

Dan_Stevens_ · ‎02-10-2015

We migrated all of our Marketo landing page SSL encryption last year. All of our forms were placed on Marketo landing pages and included on our website via iframes. We are now using embedded forms (not iframes). Is the data that's submitted via the Marketo forms still encrypted? Or would that require us to apply SSL encryption on the pages of our external website?

Kenny_Elkington · ‎02-10-2015

Hi Dan,

Forms will use the protocol that the page is loaded over. If a page where the form is embedded is loaded over https, that is what will be used to transmit data. If it is loaded over http, then that is what will be used.

Dan_Stevens_ · ‎02-10-2015

Thanks Kenny. Our embed script takes on the form of:

MktoForms2.loadForm("http://app-xxx.marketo.com", "xxx-xxx-xxx", NNNN, function (form) {

If we change the protocol to https://app-xxx.marketo.com, that won't submit using SSL encryption?

Kenny_Elkington · ‎02-10-2015

Hi Dan.

Yes it will support over https if manually set the path to include https as the protocl. However, I would caution you against this. The embed code we provide omits the protocol from the path:

MktoForms2.loadForm("//app-xxxx.marketo.com", "xxx-xxx-xxx", xxxx);

This is to avoid mixed content errors when the embed code is mismatched between the protocol of the parent page.

SanfordWhiteman · ‎02-10-2015

@Dan use "//app-xxx.marketo.com". You must've customized that because that's what the embed code usually looks like ("scheme-relative" or "protocol-relative" URL).

Be aware that loading non-HTTPS resources within an HTTPS page is going to either fail or generate a user-facing warning in modern browsers. So it's pretty much mandatory that you use HTTPS on all embedded scripts if you want them to work and/or be friendly to users.

Justin_Cooperm2 · ‎02-10-2015

Dan,

What's been said is correct. You don't want to try to load the form via HTTPS if your website is being served over HTTP. If you do have a cert for you website and the person is hitting the page via HTTPS then just embedding the code you get out of Marketo will make it work fine and requests will be made over HTTPS. It won't benefit you in any way to hard code the https:// in the loadForm call.

One last gotcha to keep in mind. If you are using rich-text labels/fields in your forms and have added HTTP:// links in them, those will not be changed even if the page is being served securely via HTTPS.

Dan_Stevens_ · ‎02-10-2015

Thanks everyone. If we don't use a protocol at all and just use "//app-xxx.marketo.com", does this script work in conjuction with the Munchkin code to properly transcode? Otherwise, how does this work without ANY protocol?

Kenny_Elkington · ‎02-10-2015

Omitting the protocol in a path is standard practice. If the protocol is unspecified the browser will prepend the protocol used to load the parent page. I'm not sure what you're referring to in regards to munchkin. Munchkin and Forms 2 operate independently, other than a Marketo form grabbing the munchkin tracking cookie upon form submission. Could you elaborate on your concern there?

Dan_Stevens_ · ‎02-10-2015

Kenny, you basically answered this for me. I didn't realize that the browser will prepend the protocol used to load the parent page. Thanks again!

Mark_Knight · ‎04-23-2018

I am new to Marketo so still trying to get to grips with the details, so please excuse my simple question. In basic terms, please can you confirm that if my website DOES already have HTTPS encryption, i can use the embed code from Marketo forms (created in 2018) within my website and those forms will operate as expected, without errors, passing encrypted data into Marketo, (and not flag any issues in Google), WITHOUT the need for me to purchase separate HTTPS encryption module from Marketo?

Many thanks

Mark