Are your Landing Pages Secure?

Are your Landing Pages Secure?

Chrome will soon start marking many websites as Not Secure. Your website won't be affected, but have your landing pages been updated to prevent this?

This month marks an important milestone in the history of the web. For several years the leading browser makers, led by Google and Mozilla, have been aggressively trying to kill off HTTP and expand the usage of SSL and HTTPS based secure websites. This increases user privacy and web security by encrypting connections between web browsers and servers, preventing third parties from intercepting the connection or even knowing what pages you're visiting.

Let's Encrypt

In 2016, Mozilla launched Let's Encrypt, a provider of free SSL Certificates. The aim was to expand the adoption of HTTPS across the web by changing certificates from something you buy and configure on a server, to something that is generated programmatically by an API. There are significant limitations to Let's Encrypt certificates which mean that they aren't designed to be used for enterprise use cases. However, encouraged by the browser makers they've been wildly successful.

Until a few years ago, cheap hosting plans generally blocked websites from using SSL. It was an upsell for both technical and commercial reasons. Now, even the cheapest hosting plans require websites to be SSL and provide free certificates from Let's Encrypt.

Marketing Automation

In January, Salesforce got in the act, announcing free SSL for Pardot landing pages. The technology powering this is Let's Encrypt. Previously, Pardot hadn't supported SSL for vanity domains at all. Now, SSL can be added to a Pardot microsite in a few minutes, with just a couple of clicks. This is an entirely self-service capability with no technical knowledge required.

Compare this to Marketo and Eloqua, who still require you to purchase secure microsite add-ons, and then follow a support led implementation process. Marketo at least buy the certificate and do the configuration work for you now. Oracle don't even do that much. Their Eloqua SSL microsites service still requires you to get a certificate from IT, and then setup a new landing page domain just for SSL.

Brand Impact

This is important due to forthcoming changes in both Google Chrome and Mozilla Firefox. Google are first. Their next version is due at the end of the month. It will prominently mark all web pages as 'Not Secure' unless they are served over a HTTPS connection. Initially, the warning will be black text, but in October the text will change to red for all pages containing a form. Firefox will make a similar UI change in their September release.

Chrome 68 UI change - Image from Google

In the context of an industry just coming to terms with the impact of GDPR, this will have an impact on form conversion rates. With data breaches now a regular occurrence consumer awareness of data protection has never been higher. People rarely notice the absence of a padlock icon on a web page despite repeated attempts by many sources to make people look for it. Google and Mozilla are hoping that this change will scare off users from filling in forms on insecure web pages. Not everyone will see the message but enough people will notice the warning to have an effect not just on conversion rates, but on overall brand reputation. Most corporate web teams have migrated their websites to SSL in preparation for the change. However, external microsites and marketing automation landing pages set by marketers may not have been considered. It's not too late to fix that. Although, more support from marketing automation vendors in making this transition would be appreciated.

Written by
Marketing Operations Consultant and Solutions Architect at CRMT Digital specialising in marketing technology architecture. Advisor on marketing effectiveness and martech optimisation.