Tag management: Focus on SSL- Security, Structure and Latency

A recent white paper from Ghostery provides some interesting best practices for managing your site's marketing cloud. Following is a rundown of key take aways from the report including my own comments.

Security

  • Audit all the tags and every pixel fired from your site - including all pixel redirects or additional calls
  • Assess the value of each tag and pixel - identify tag vendors with potential overlaps, expired contracts, non-direct relationships
  • Limit the number of tags on secure pages (HTTPS), if possible use tag whitelist and blacklist feature provides by your tag management system (TMS)
  • Limit the first-party data collection per page especially on the secure pages, otherwise you may be risking your compliance
  • Don't load non-secure tags (HTTP calls) on secure pages - remember not every HTTPS call is secure check for valid SSL certificate
  • Avoid data leakage and unnecessary tags across your site - you may be unknowingly contributing user data to someone else’s campaign
  • Keep track of vendor tag code change and version change - whenever possible load self-hosted vendor tags
  • Keep track what customer data is accessible to tags in the browser (cookies, local storage) or on page (credit card details)
  • Keep track of common cookie tags against your competitor sites, - keep number of common cookie tag low if possible 0
  • Don't set personal identifiable data in the cookies, use HttpOnly cookies if possible, enforce SSL
  • Don't trust data layer for securing your marketing cloud, data layer by virtue of JavaScript is mutable hence can be manipulated

Structure

  • Carefully manage you tag manager - have an audit and change management process in place
  • Use dynamic tag serving on key pages - harness visitor profile data to reduce the tag loads
  • Limit parent/child tag chains - especially ad networks vendor relationships are complex - often opens flood gate
  • The more tags you allow your partners to bring in, the less control you have
  • Limit the redundant vendors, reduce duplicate tag loads
  • Consolidate tags by data sensitivity - conversion tags, retargeting tags, etc

Latency

  • Keep Tag Deployment Ratio low [1]
  • Ask you tag vendor for expected load and response time for pixels
  • Avoid non-synchronous tag loads - always ask for asynchronous or deferred tag loads
  • Identify the slow loading tags
  • Make sure you page load completes in 3-4 seconds

  1. The ratio of average number of vendor tags per page encountered on the domain, divided by total tags encountered across the domain ↩︎