Most astute companies are using marketing automation software to help streamline their marketing message and increase sales results. Security and performance typically aren’t your first thoughts when setting up such systems and configuring vanity tracker domains.
Nowadays people expect to see the padlock in the address bar as more and more websites switch to HTTPS by default. It gives users confidence that their data won’t be seen by prying eyes and that the destination server is trusted, which in turn increases conversions. In the last 12 months the Electronic Frontier Foundation and Let’s Encrypt have helped spread the message that securing your web presence isn’t difficult, and given time it will be the status quo every user expects.
What is the deal with X-Forwarded-Proto
Oops: adding a reverse proxy in front of Pardot causes browser errors due to mixed content. Why does this happen? Good question; ask Pardot, it’s how they have configured their platform. Let’s go and edit the form template and change the affected script to use the https prefix? Nope, not going to happen: it’s dynamically injected at runtime. Which resource is causing the page to break due to mixed content errors?
piUtils.js in the head tag.
When the Pardot servers see a request with an X-Forwarded-Proto header, they act as if the connection were over insecure HTTP and return assets (scripts and styles) prefixed with http:// instead of https://. Browsers block insecure resources on pages loaded over secure connections to protect the user. Removing the X-Forwarded-Proto header from the request before it hits Pardot’s servers corrects the problem.
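An added example, not from the original post and not Pardot's code: a Python check for the mixed-content condition described above, run against a constructed stand-in for the origin that returns http:// asset URLs whenever X-Forwarded-Proto is present. The hostnames, simulated_origin and the other function names are assumptions made for illustration.

```python
from html.parser import HTMLParser

# Attribute that loads a subresource, per tag. An http:// value here on an
# HTTPS page is mixed content that the browser will block or warn about.
URL_ATTRS = {"script": "src", "link": "href", "img": "src", "iframe": "src"}


class MixedContentFinder(HTMLParser):
    """Collects (tag, url) pairs for subresources requested over http://."""

    def __init__(self):
        super().__init__()
        self.insecure = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "link" and "stylesheet" not in (a.get("rel") or "").lower():
            return  # only stylesheet links load a subresource
        url = a.get(URL_ATTRS.get(tag, ""), "") or ""
        if url.lower().startswith("http://"):
            self.insecure.append((tag, url))


def find_mixed_content(html):
    finder = MixedContentFinder()
    finder.feed(html)
    return finder.insecure


def strip_forwarded_proto(headers):
    """What the proxy does before forwarding: drop the header, any casing."""
    return {k: v for k, v in headers.items() if k.lower() != "x-forwarded-proto"}


def simulated_origin(headers):
    """Constructed stand-in for the origin behaviour described above."""
    has_xfp = any(k.lower() == "x-forwarded-proto" for k in headers)
    scheme = "http" if has_xfp else "https"
    return (f'<html><head><script src="{scheme}://assets.example.invalid/'
            f'piUtils.js"></script></head><body></body></html>')


if __name__ == "__main__":
    request = {"Host": "go.example.invalid", "X-Forwarded-Proto": "https"}
    print("forwarded as-is:", find_mixed_content(simulated_origin(request)))
    stripped = strip_forwarded_proto(request)
    print("header stripped:", find_mixed_content(simulated_origin(stripped)))
```

Against a real deployment, feed find_mixed_content the HTML fetched from the HTTPS tracker domain instead of the simulated response; an empty list means no blocked script, stylesheet, image or iframe loads.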
Over the past few weeks we have been in the process of onboarding the marketing automation software Pardot. We are sticklers for security and ensure section.io web properties are HTTPS-enabled by default; Pardot wasn’t a straightforward setup as they don’t support vanity tracker domains with HTTPS enabled.
This post was inspired by Roman Derevianko, who blogged on how to set up and configure nginx. We regularly dogfood our delivery platform and leverage the flexibility it provides.
Set up vanity domain in Pardot
In Pardot navigate to User > Settings > Edit Account
Set tracker domain to https://go.yourdomain.com (prefix https:// is important)
Save changes
Create a new website in our portal
With stack details:
Stack: Varnish (latest)
- Once your application has been set up, edit section.config.json
Navigate to Configuration > Repository > Open section.config.json > Edit
Add remove_request_headers and add
Setup DNS to point
- Wait for deployment to complete and you should have a running application