Chrome Security Changes and Pardot

by Jeena Jeeva - December 23, 2019
Chrome Security Changes and Pardot

Chrome have improved their security for users and are moving to a secure-by-default model. This model has the potential to stop third-party cookies from functioning. Find out how this affects your Pardot account below…

This Chrome update will come into affect after 4th February 2020, meaning that all third-party cookies must have SameSite attributes set and come from a site with HTTPS in order for the browser to transmit the data to Pardot.

This change can impact your ability to track prospects with Pardot!

Pardot is working to update third-party cookies with the SameSite attributes so that they continue to function after this change. However, if the sites you currently track with Pardot do not use HTTPS you must convert them to HTTPS to keep domain tracking operating as expected.

What are First-Party and Third-Party Cookies?

A first-party cookie is issued by the site a user visits, and the domain attribute matches the domain in the browser’s address bar. These cookies are used for things like storing your page preferences and collecting analytics from the site.

A third-party cookie is created when the site sends a request to the third party’s servers. These servers return the requested file and the cookie is assigned to the visitor.  Unlike first-party cookies a third-party cookie’s domain attribute does not match the domain in your browser’s address bar. Third-party cookies are typically used to show content from different websites and web tracking.

Why Does Pardot Use Third-Party Cookies?

Pardot issues a third-party cookie to enable tracking across different domains. For example, you maintain two domains, & When a visitor comes to, they are issued a Pi.Pardot cookie with a unique visitor ID. When they visit, the Pi.Pardot cookie lets Pardot know it is the same visitor from, and Pardot connects the activity to the same prospect.

What does this change mean for you?

If your Pardot tracker domains are SSL-enabled and served over HTTPS, the great news is you don’t need to do anything!

If this is not the case, then you will need to work with your IT or website admin to make sure that the domains you use with Pardot are set up correctly.

The pages will need to follow these guidelines:

  • Pages with Pardot tracking code are served over HTTPS.
  • Your primary Pardot tracker domain is SSL enabled, and defaults to HTTPS.

How to check your set up?

You will first need to navigate to domain management in your Pardot account.

Admin > Domain Management.

Here you will be able to see the tracker domains that have been set up in your account and whether or not SSL has been enabled or not.

How to SSL-enable domains in Pardot

If it has not been enabled as shown in the screenshot above, you can enable it by clicking on the ‘cog’ icon and selecting ‘Enable SSL’

It may take up to 15 minutes for the SSL status to update from Processing to Enabled.

Once this has been enabled you will need to set your domains to HTTPS as default.

Before you convert across to HTTPS, you will need to make sure you have resolved all cases of mixed content in your marketing assets by making sure your assets can load over HTTPS.

If any of your resources load over HTTP and the page is loaded over HTTPS, your page won’t render correctly, and visitors will receive security warnings.

Find out how to check for mixed content here.

Once you have checked/resolved this issue you are now ready to default to HTTPS.

SSL-enabled domains - default to httpsTo do this click on the ‘cog’ icon again and select ‘Default HTTPS’.

That is it, you are all set!

You will be able to continue to track your prospects.


Still not sure if you need to do anything? Contact us and we can help you work it out.



Related Content

Get In Touch

Whatever the size and sector of your business, we can help you to succeed throughout the customer journey, designing, creating and looking after the right CRM solution for your organisation