10 Replies Latest reply on Sep 21, 2017 10:15 AM by Mike Reynolds

    Chrome security warnings

    Steph Anderson

      We received a notice from Google that our URLs will trigger a security warning. Does anyone know if this also includes our Marketo landing pages, or just our main website? Do we need to purchase a Marketo SSL Landing Page Security Package to avoid this?

       

      Below is the message we received from Google.

       

      "Starting October 2017, Chrome (version 62) will show a “NOT SECURE” warning when users enter text in a form on an HTTP page, and for all HTTP pages in Incognito mode.

       

      The following URLs on your site include text input fields (such as < input type="text" > or < input type="email" >) that will trigger the new Chrome warning. Review these examples to see where these warnings will appear, so that you can take action to help protect users’ data. This list is not exhaustive."

       

      TIA

        • Re: Chrome security warnings
          Sanford Whiteman

          If you embed Marketo forms on a secure 3rd-party page (i.e. if your main website is secure) with the standard embed code, then you won't have the warning.

           

          If you don't secure your Marketo LP domain, then you will have the warning when you use named or embedded form elements there.

          1 of 1 people found this helpful
          • Re: Chrome security warnings
            Sanford Whiteman

            Do we need to purchase a Marketo SSL Landing Page Security Package to avoid this?

            (Yes, or you can run LPs via your own CDN to avoid the SSL onboarding and ongoing fees.)

              • Re: Chrome security warnings

                I'm looking in to this, as well.  Can you expand on what you mean by "run LPs via your own CDN"?  Is there a way to utilize Marketo LPs without hosting them on the Marketo LP domain for our organization?

                  • Re: Chrome security warnings
                    Sanford Whiteman

                    Can you expand on what you mean by "run LPs via your own CDN"? Is there a way to utilize Marketo LPs without hosting them on the Marketo LP domain for our organization?

                    Yes, you can serve Marketo LPs via a 3rd-party CDN such as Amazon CloudFront. I wouldn't have any reason to recommend this were it not for the $$$ Marketo charges for SSL support.

                    1 of 1 people found this helpful
                      • Re: Chrome security warnings
                        Courtney Grimes

                        Does that work without incident, though? I was toying with the idea on another CDN that offers free SSL but figured it was too good/easy to be true.

                        • Re: Chrome security warnings
                          Lisa Heay

                          Not Marketo related as much, but do you have a sense of the necessity to have LPs secure?  My thinking is that HTTPS is helpful for search, but our Resource landing pages don't rank (at least highly).  They are typically accessed from internal links from our site or blog posts (which is secure) or an email link.  I'm trying to understand the impact if we leave our Marketo LPs as-is.

                            • Re: Chrome security warnings
                              Sanford Whiteman

                              Not Marketo related as much, but do you have a sense of the necessity to have LPs secure? My thinking is that HTTPS is helpful for search, but our Resource landing pages don't rank (at least highly). They are typically accessed from internal links from our site or blog posts (which is secure) or an email link. I'm trying to understand the impact if we leave our Marketo LPs as-is.

                              Well, as in the thread topic, there's the cosmetic concern that pages will soon say "Not Secure"  up in the left-hand corner. The impact on conversions is unknown at this time.

                               

                              Agreed that if you're not worrying about search, then Google's preference is a red herring.

                               

                              I look at things (as probably know from reading my rants here) from a risk and security perspective that few in martech share. It depends on the type of company you work for, but when I look at how easy it would be to hijack an insecure link and send it to a phishing domain, it's impossible for me not to see that as A Bad Thing.

                               

                              Also, on an analytics level, if anyone links to your LPs from a secure page, unless they take special measures (few do) you won't see the referrer, since that's not sent from https to http pages by default. But if this almost never happens with your LPs it may not be a big deal (though sometimes you want to know that one blog that loves you!).

                               

                              I would categorize the SSL decision as "Better safe than sorry" (even when it comes to the Chrome warning, surely it would be better to not have to worry about it) but Marketo's pricing is so high it can make you reconsider what should be a no-brainer. That's why I recommend using a CDN until they get their act together on that.

                      • Re: Chrome security warnings
                        Mike Reynolds

                        Hi Steph,

                        Chrome's update will apply to all web pages, including your Marketo landing pages. If you have an SSL cert in your own website securing those pages, your visitors won't get that warning from Chrome. However, your Marketo pages aren't hosted on your website, so they wouldn't have the SSL security unless you have an SSL cert added in Marketo.

                         

                        We have a doc relating to this change here: Upcoming Changes to the Chrome Browser

                         

                        Hope that helps!