There's two reasons this could happen that come immediately to mind:
1. You have forms iframed onto a Marketo landing page.
2. You call the form embed code JS using your landing page domain rather than the default https://app-xxx.marketo.com/js/forms2/js/forms2.min.js path.
In both scenarios you would need to secure your Marketo landing page domains. If you provide a link to an example of where this is happening then we could get a better idea of the answer.
It looks like I had the latter issue.
As a band-aid, I was able to copy a new embed code from the form which did not have that address in there, but from what I understand, we are not going to have an option but to do the Marketo required securing of the site eventually right?
Office: 315-434-9787 x1123
6310 Fly Road | East Syracuse | NY | 13057 | USA
1 of 1 people found this helpful
Yes, if you want to ensure your forms work in the widest range of scenarios (i.e. anti-tracking features and plugins broadly blocking all assets at marketo.com, even those not directly implicated in tracking) you need to use one of your custom domains, ergo that domain needs to be secure.