On April 24, 2019, Marketo changed how its form prefill works. From now on Marketo forms will only be pre-filled if a valid mkt_tok URL parameter is present. Generally, this is from a tracked link click in a Marketo email.
How is this different?
Previously, Marketo landing pages would rely on Munchkin tracking cookies to identify known person records, and forms would pre-fill based on that cookie. Form pre-fill did not require being linked to a Marketo landing page from a tracked email link.
For shared computers this causes privacy concerns when a user may see the personal information of a different, cookied, user.
What this doesn’t affect?
This change will only affect pre-filling, which relies on values that live within the Marketo record. This does not affect features such as Autofill or Progressive profiling.
Pre-fill VS Autofill
The biggest scare of this change came from a bit of misunderstanding on the difference between Pre-fill and Autofill functions in Marketo forms. Most Marketo instances use autofill to help with tracking and attribution (if you aren’t we can help you start) and users were scared that this change would affect them. Let’s look at the differences in these two features to see why this isn’t the case.
Pre-fill uses data stored within a Marketo record to fill in visible form fields with known information so that users can spend less time filling in your forms. These field values are pulled from the record displayed in the form. This causes an issue on a shared device where the personal data of an individual may be presented to a different user.
Autofill populates hidden fields within a Marketo form. The data used to populate these fields isn’t coming from your Marketo instance and is instead being supplied from one of four methods:
- Default Value
- A value set by the form creator with a standard value to be submitted with each form submission
- Common values include form name or id or campaign identifiers.
- URL Parameter
- A value set by content within the current URL in the browser
- Common values include campaign, source, keyword and other tokens used manually or as part of an ad campaign
- Cookie Value
- A value that is set by reading information already stored on the users device.
- Common values include user ID
- Referrer Parameter
- A value set based on information from the previous (referring page) URL
- Common values include tracking parameters for multiple page campaigns or third party campaigns.
Why one and not the other?
So why stop prefill but not autofill? It is all about privacy. Autofill values are not usually displayed to the user (however the values may be accessible in the source code). All of the information being used in autofill is already accessible on the computer, marketo isn’t providing any additional info.
Prefill values however pull information from a record that didn’t exist in the browser. Let’s say a shared computer is cookied with a Marketo record. If someone else navigated to a page with prefill, it could pull information into the form such as phone, address, age, or anything other data stored in the instance.
In the above images you can see an example of a blank Marketo form and a form that has been pre-filled by clicking a tracked email link. You can see that personal information such as date of birth, address and phone number are pulled from the Marketo record and populated in the form. Protecting this type of information is why this revision was necessary.
Progressive Profiling works by asking for more, and different, information with successive form fills. Because no personal information is being pulled and displayed from the Marketo record, this functionality will not be affected.
How does this affect your instance?
In most cases, it doesn’t. If you use the pre-fill function on forms that have traffic driven by Marketo emails, they will still pre-fill based on the mkt_tok parameter. If you are driving users to forms by other means (e.g., links within your website) then those users will be required to fill in all of the fields in the form. While this could be viewed as an inconvenience with long forms, it adds extra privacy to those in your database.
Want to learn more? Read Marketo’s statement on the changes.