In early March, Salesforce announced changes to how it serves content via go.pardot.com. In short, this impacts your Pardot content that might be placed on your website through iFrames.
We’ll walk you through how to find where the go.pardot.com domain is in use. Then we’ll show you how to fix it across your website.
A bit of detail on the Pardot domain challenge
Pardot is making security enhancements that can affect users of the go.pardot.com domain who use this domain for iFrames. That means you’ll have to take action by April 22, 2022, to update your website forms that meet the criteria outlined in this blog post.
UPDATE: Salesforce announced they’re extending the deadline. After April 22, 2022, you can choose to turn on the security update. And Salesforce will automatically enable the security update for everyone after August 12, 2022. (See message from Salesforce)
Website forms with iFrames + default Pardot domain + JavaScript = pay attention
Specifically, you should pay attention to the enhancements if your website forms:
- Embed Pardot forms or other content inside iFrames
- Include JavaScript in that content
- Serve this content over the default Pardot domain (go.pardot.com)
The main impact will be to any Pardot form served standalone or in an iFrame using the go.pardot.com domain.
Also included are forms that make use of included JavaScript to make external calls. This includes JavaScript that:
- Communicates from within the iFrame to the pages that contain the iFrame
- Makes an AJAX call to a server
Examples of these kinds of calls are:
- JavaScript that resizes the iFrame on the page to better fit the form
- Submission of forms using reCAPTCHA
- Changing form behavior based on changes to the email address field, such as showing a message to a prospect if they previously unsubscribed
Other impacts with assets using iFrames are possible. For example, with these new changes you will no longer be able to embed a landing page within another webpage. This change also affects JavaScript callouts on form handlers and dynamic content when served directly via an iFrame.
Preparing for the fix
There are a few preparatory steps you can do before going and making (or requesting) changes to your website.
Step 1. Set up Pardot tracker domain
If you don’t already have a Pardot tracker domain, we will need to create one. If you aren’t sure, here are steps to follow:
- Log in to Salesforce & Pardot
- Go to your Pardot Settings > Domain Management page
- Look for a tracker domain that is custom. It should be one that’s similar to your website address (similar to the screenshot below)
If you don’t have a custom tracker domain set up yet, our friends at Nebula Consulting have a great set of instructions here.
If you have multiple tracker domains, you will need to know which one to use.
Step 2. Enable first-party cookie tracking
While not necessarily needed for this fix, it is best to set yourself up for success for the future of cookie tracking within Pardot.
To enable first-party web tracking cookies:
- Log in to Salesforce & Pardot
- Go to your Pardot Settings, Account Settings page and click Edit
- Scroll down to “First-Party Tracking” and make sure all 3 checkboxes are checked
- Save account
Step 3. Find website pages using the go.pardot.com domain in iFrames
I mean this is the whole reason you are here right? You have a challenge and want actionable steps on how to actually solve it instead of some blogger babbling.
We’ve created a tool that can leverage your website sitemap .xml file (the same sitemap Google crawls) to look for web pages that have embedded iFrames that also use go.pardot.com as the iFrame source.
Use the form below to find the forms on your website you’ll need to update. After submitting, we’ll gather some results and email them to you after a few minutes.
Make changes to the website
With your list of pages in hand, you can begin the work of editing each page, swapping the go.pardot.com part of the iFrame “src” attribute with your new tracker domain. Try this out on one or two pages, testing out the forms to make sure nothing has broken. Then, roll it out across your site.
But… what if I can’t add a custom tracker domain?
You might ask yourself, “What if I can’t add a custom domain?” If this is you, you’re gonna be okay.
Because of the change being made, you won’t be able to use iFrames with the default go.pardot.com domain to host standalone or embedded forms. If you plan on using a form, you’ll need to use the form on a landing page. If you have JavaScript needed for the form, it can be included in the landing page to keep the form functioning as it did before.
If you have other assets you need in an iFrame, unfortunately you won’t be able to continue using the default domain to display them. You’ll need to get creative with these assets. Maybe convert the information into a downloadable PDF or display it as an image on a landing page.
It’s going to be okay
With new Pardot security enhancements comes a more stable marketing automation platform. But it also brings new complications — and we have your back.
If you need further assistance with setting up a custom tracker domain, finding and fixing the use of go.pardot.com, or just a refresher on best practices, get in touch or tell us in the comments. We’re always happy to help.
