Web Personalization (RTP) - RTP Tag, API, and JavaScript FAQs

FAQs included in this article:



Does RTP comply with EU privacy laws?

RTP complies with Marketo’s legal policies that can be reviewed here: https://www.marketo.com/company/legal/.

This will be updated appropriately by our Legal department based on any upcoming laws.


Does the RTP tag call Wistia or YouTube?

RTP only loads the Wistia or YouTube API when the RTP script discovers a Wistia or YouTube video embedded on the page.


How does RTP collect data on visitors?

Please see RTP - How does RTP collect data on visitors.


Does the reverse IP lookup process return an email address for anonymous visitors?

No, a reverse IP lookup cannot return an email address.


How does the RTP javascript work?

Please see: RTP - How does the RTP javascript work.


How is data managed in terms of encryption access?

  •      RTP functions on secure websites (https).
  •      RTP conforms to all of the security and data encryption standards of Marketo.
  •      The only data RTP pulls from a visitor’s input is an email address, which it passes securely over SSL to RTP’s Leads table.
  •      If the page is using an unsecured form submit (non-SSL) RTP will not use SSL either, since the email address is already being passed without encryption.
  •      The RTP cookie is not encrypted, as it uses a GUID (Globally Unique Identifier) for RTP use only. RTP validates that the cookie has been created and sent properly, and blocks any illegal values.
  •      The system tracks and engages via a REST/JavaScript that runs on the browser. The tracking calls are via http or https, depending on the browser authentication.
  •      The back office is via https and requires authentication and role association. The data-center is managed by Marketo’s operations and its security team.


How are JavaScript cross-site scripting attacks mitigated by RTP?

  • We mitigate cross-site scripting attacks by employing user input filters on the server side.
  • Based on the application logic and data location they either:
    1. Block the entire request which contains potentially malicious user input.
    2. Filter out potentially malicious input.
    3. Encode entire user input to ensure XSS attempt will not be successful.


How long is a visit session

We define a session as 30 minutes from the visitor's last click.


Is it possible to host the RTP javascript on my company's server?

We do not recommend hosting the JavaScript on another server for performance reasons. It is possible, but it is not recommended.

Unlike Munchkin script, the RTP tag must have a very short loading time. If not the user experience might be affected and campaigns may have some latency.

This is also the reason why we recommend inserting the tag higher in the code, right after the <head> tag.


Is it possible to use the RTP tag on secured pages (https)?

Yes. The RTP tag supports both http:// and https:// pages.


Can RTP campaigns be blocked by Ad blockers?

Please see:RTP - Can RTP campaigns be blocked by Ad or Javascript blockers?


Is traffic from known bot user-agent strings removed from the dataset?

Yes. We cover between 80-90% of known-bot user-agents and continually update the blacklist.


Can jQuery Be Disabled from the RTP Tag?

The RTP tag uses jQuery to assure that some functionalities will work properly on any page. However, if the jQuery causes issues with other parts of your website, we can configure the tag to disable it altogether. This can be done by the Marketo Support team because this advanced configuration is not accessible directly to customers.


What are the differences between the RTP tag versions?

Please see RTP - What are the differences between the RTP tag versions.


What data is stored in the trvw.uid cookie?

The trvw.uid cookie contains a VisitorID which is a GUID (Global Unique Identifier) only used by RTP to identify the web visitor for returning visits and historical behavior.


What is the RTP limitation of the number of daily visitors with Munchkin2?

RTP is not related to Munchkin. The move to Munchkin2 has no affect on the functionality of RTP.


What specific data are gathered through the reverse IP lookup process?

From the visitor’s visit on site in the session, we see information such as IP, page URL, search term and referral sites.

From the IP address, we use Reverse IP lookup to match the organization name.

From the Organization name, we match it with RTP’s propiertary firmographic data including:

    • Organization name
    • Industry
    • Organization Group (Enterprise, SMB’s, etc.)
    • Organization Location:
      • Region
      • Country
      • State
      • City
      • Zip Code


RTP Tag - Best Practices

Install the RTP tag on ALL web assets. Including all domains, subdomains, landing pages, blogs etc. even if you do not intend to display campaigns on those assets.

The reason for this is that we want to capture the entire customer journey.


RTP tag is not sending clicks from IP URLs

This is expected behavior. The RTP JavaScript does not send clicks from IP URLs, i.e:


TRW and MSG calls are not showing up in the console.

The tag is turned off. You can check this setting in Account Settings.




Is it possible to blacklist companies in RTP?

You can remove companies from appearing in your RTP reports, and from seeing campaigns - this is done through a support ticket request. Send them the company names or IP addresses you want to block from RTP campaigns and appearing the RTP reports.