Most astute companies are using marketing automation software to help streamline their marketing message and increase sales results. Security and performance typically aren’t your first thoughts when setting up such systems and configuring vanity tracker domains.
Nowadays people expect to see the padlock in the address bar as more and more websites switch to HTTPS by default. It gives users confidence that their data won’t be seen by prying eyes and that the destination server is trusted onwards increasing conversions. In the last 12 months Electronic Frontier Foundation & LetsEncrypt have help spread the message securing your web presence isn’t difficult and given time will be the status quo every user will expect.
What is the deal with X-Forwarded-Proto
Oops, by adding a reverse proxy in front of Pardot it causes browser errors due to mixed content issues. Why does this happen? Good question; ask Pardot, it’s how they have configured their platform. Lets go and edit the form template and change the affected script to use https prefix, nope not going to happen it’s dynamically injected at runtime. Which resource is causing the page to break due to mixed content errors? piUtils.js in the head tag.
When the Pardot servers see a request with a X-Forwarded-Proto header they act like the connection is over unsecure HTTP connection and return assets script & styles prefixed with http:// instead of https://. Browsers behave by blocking unsecure resources over secure connections to ensure top security. Removing the X-Forwarded-Proto header from the request before it hits pardot’s servers corrects the problem.
Using Section
Over the past few weeks we have been in the process of onboarding marketing automation software Pardot. We are sticklers for security and ensure Section web properties are HTTPS enabled and default; Pardot wasn’t a straight forward setup as they don’t support vanity tracker domains with HTTPS enabled.
This post was inspired by Roman Derevianko who blogged on how to use setup and configure ngnix. We regularly dogfood our delivery platform and leverage the flexibility it provides.
-
__Setup vanity domain in Pardot__
In Pardot navigate to User > Settings > Edit Account
Set tracker domain to https://go.yourdomain.com (prefix https:// is important) Save changes -
__Create a new website in our portal__
With stack details:
Hostname: go.yourcustomdomain.com
Origin: go.pardot.com
Stack: Varnish Cache (latest) -
__Once your application has been setup edit section.config.json__
Navigate to Configuration > Repository > Open section.config.json > Edit
Add remove_request_headers and addX-Forwarded-Proto& save
{% gist section-io-gists/3b7b3b92ca77a52c122047875b7ed4a9 %} -
__Setup DNS to point
go.yourcustomdomain.comat Section__ -
Wait for deployment to complete and you should have a running application
Section is a self service platform, sign up the first 14 days are free.
