AnsweredAssumed Answered

Chrome security warnings

Question asked by Steph Anderson on Aug 18, 2017
Latest reply on Sep 21, 2017 by Mike Reynolds

Like • Show 1 Like1
Comment • 10

We received a notice from Google that our URLs will trigger a security warning. Does anyone know if this also includes our Marketo landing pages, or just our main website? Do we need to purchase a Marketo SSL Landing Page Security Package to avoid this?

Below is the message we received from Google.

"Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.

The following URLs on your site include text input fields (such as < input type="text" > or < input type="email" >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive."

TIA

1 person has this question

Outcomes

10 Replies

Sanford Whiteman Aug 18, 2017 8:43 AM
Mark Correct
Correct Answer
If you embed Marketo forms on a secure 3rd-party page (i.e. if your main website is secure) with the standard embed code, then you won't have the warning.

If you don't secure your Marketo LP domain, then you will have the warning when you use named or embedded form elements there.
1 person found this helpful
Like • Show 0 Likes0
Actions
Sanford Whiteman Aug 18, 2017 9:52 AM
Mark Correct
Correct Answer
Do we need to purchase a Marketo SSL Landing Page Security Package to avoid this?
(Yes, or you can run LPs via your own CDN to avoid the SSL onboarding and ongoing fees.)
Like • Show 0 Likes0
Actions
- e6f64cf91d4f8e7cd803f0e204d44b01c3aa3870 @ Sanford Whiteman on Sep 6, 2017 2:43 PM
  Mark Correct
  Correct Answer
  I'm looking in to this, as well. Can you expand on what you mean by "run LPs via your own CDN"? Is there a way to utilize Marketo LPs without hosting them on the Marketo LP domain for our organization?
  Like • Show 0 Likes0
  Actions
  - Sanford Whiteman @ e6f64cf91d4f8e7cd803f0e204d44b01c3aa3870 on Sep 6, 2017 3:27 PM
    Mark Correct
    Correct Answer
    Can you expand on what you mean by "run LPs via your own CDN"? Is there a way to utilize Marketo LPs without hosting them on the Marketo LP domain for our organization?
    Yes, you can serve Marketo LPs via a 3rd-party CDN such as Amazon CloudFront. I wouldn't have any reason to recommend this were it not for the $$$ Marketo charges for SSL support.
    1 person found this helpful
    Like • Show 0 Likes0
    Actions
    - Courtney Grimes @ Sanford Whiteman on Sep 7, 2017 10:00 AM
      Mark Correct
      Correct Answer
      Does that work without incident, though? I was toying with the idea on another CDN that offers free SSL but figured it was too good/easy to be true.
      Like • Show 0 Likes0
      Actions
      - Sanford Whiteman @ Courtney Grimes on Sep 7, 2017 10:22 AM
        Mark Correct
        Correct Answer
        Works great! I don't do it to avoid the cert cost, as we usually already have the wildcard cert, but the onboarding and ongoing costs.
        
        (IMO we need to put more pricing pressure on Mkto. Maybe $500 one-time and $500/yr is worth it for the reduction in moving parts, but not what it is now.)
        Like • Show 0 Likes0
        Actions
    - Lisa Heay @ Sanford Whiteman on Sep 7, 2017 11:35 AM
      Mark Correct
      Correct Answer
      Not Marketo related as much, but do you have a sense of the necessity to have LPs secure? My thinking is that HTTPS is helpful for search, but our Resource landing pages don't rank (at least highly). They are typically accessed from internal links from our site or blog posts (which is secure) or an email link. I'm trying to understand the impact if we leave our Marketo LPs as-is.
      Like • Show 0 Likes0
      Actions
      - Sanford Whiteman @ Lisa Heay on Sep 7, 2017 12:01 PM
        Mark Correct
        Correct Answer
        Not Marketo related as much, but do you have a sense of the necessity to have LPs secure? My thinking is that HTTPS is helpful for search, but our Resource landing pages don't rank (at least highly). They are typically accessed from internal links from our site or blog posts (which is secure) or an email link. I'm trying to understand the impact if we leave our Marketo LPs as-is.
        Well, as in the thread topic, there's the cosmetic concern that pages will soon say "Not Secure" up in the left-hand corner. The impact on conversions is unknown at this time.
        
        Agreed that if you're not worrying about search, then Google's preference is a red herring.
        
        I look at things (as probably know from reading my rants here) from a risk and security perspective that few in martech share. It depends on the type of company you work for, but when I look at how easy it would be to hijack an insecure link and send it to a phishing domain, it's impossible for me not to see that as A Bad Thing.
        
        Also, on an analytics level, if anyone links to your LPs from a secure page, unless they take special measures (few do) you won't see the referrer, since that's not sent from https to http pages by default. But if this almost never happens with your LPs it may not be a big deal (though sometimes you want to know that one blog that loves you!).
        
        I would categorize the SSL decision as "Better safe than sorry" (even when it comes to the Chrome warning, surely it would be better to not have to worry about it) but Marketo's pricing is so high it can make you reconsider what should be a no-brainer. That's why I recommend using a CDN until they get their act together on that.
        Like • Show 1 Like1
        Actions
        Lisa Heay @ Sanford Whiteman on Sep 7, 2017 1:11 PM
        Mark Correct
        Correct Answer
        Thanks for your insight!
        Like • Show 0 Likes0
        Actions
Mike Reynolds Sep 21, 2017 10:15 AM
Mark Correct
Correct Answer
Hi Steph,
Chrome's update will apply to all web pages, including your Marketo landing pages. If you have an SSL cert in your own website securing those pages, your visitors won't get that warning from Chrome. However, your Marketo pages aren't hosted on your website, so they wouldn't have the SSL security unless you have an SSL cert added in Marketo.

We have a doc relating to this change here: Upcoming Changes to the Chrome Browser

Hope that helps!
Like • Show 0 Likes0
Actions

Chrome security warnings

Outcomes

Related Content

Recommended Content