If you’re using Marketing Cloud to send emails, you may have noticed some images are not rendering properly and are not displaying with the rest of the content. Upon logging in to your Marketing Cloud account, you might have also encountered a dialogue box regarding “mixed content blocking”.
Content over HTTPS is becoming an essential browser requirement. With this, Google recently released an update last September 2020 which blocks HTTP content including images, audio, and video rendered in an HTTPS site.
In line with this new rollout, Google Chrome will start blocking mixed content downloads in January 2021. Here’s what you need to know regarding certain email building aspects with Marketing Cloud that may be affected by this change.
This new update will impact customers who use Private image domains (SAP) without SSL certificates as it will disable images to load and not be visible in the Marketing Cloud application. External content from unsecured (HTTP) domains will also be affected by the update.
You may check these steps below to help you determine whether or not the Private image domain (image endpoint) has SSL:
- Navigate to Setup > Company Settings > Account Setting
2. If an account has SSL, the Portfolio Base URL will start with HTTPS.
3. If an account does not have SSL, the Portfolio Base URL will start with HTTP.
One instance that would be impacted by this new update is the email and message creations flows. During the email creation and preview, users will receive a warning or images will not show up in the interface if they use a non-secured (HTTP) image domain. Web tools such as CloudPages and Email Studio Classic Content Microsites and Landing Pages will also be affected as images will not render in the UI.
An immediate workaround as you go through the process of securing your domains is to enable the Google Chrome mixed content flag to ensure that unsecured images render:
- On the Google Chrome browser of your PC/Mac, click on the padlock icon in the URL bar then click on “Site Settings”.
- Update the Insecure content dropdown to “Allow”.
Although a possible workaround is to use another browser that supports mixed content, other browsers may eventually follow this standard moving forward. If you currently send emails using Marketing Cloud, it is recommended to fully secure affected domains. Acquiring an SSL certificate will update existing image locations from HTTP to HTTPS automatically.
It is recommended to secure two SSL certificates for Salesforce Marketing Cloud: one for images and another for the URLs including your Cloud Pages. You may need to create a new cloud page that is secured if you are utilising Cloud Pages (e.g. Preference page). Make sure to copy all the code and also change or upload the images again so they are showing HTTPS on the page. This will ensure that when your pages are opened in Chrome there won’t be any issues, however, please consult with Salesforce about existing Cloud pages and images within emails especially if you have many journeys.