How to set up SSL for dedicated click tracking

You will learn

Please review our guide to setting up dedicated click tracking to do so. After completing this crucial first step, the three most common ways that people then achieve SSL click tracking is via:

• Cloudflare
• Cloudfront
• Fastly

While these are not your only options, this article will run through how to set this up via these three main methods.

Benefits of SSL for click tracking

A secure sockets layer, also known as SSL, is a security protocol that can be set up for your dedicated click tracking to authenticate that the tracking links’ domain is secure. This will cause your URLs to begin with HTTPS instead of the HTTP, indicating to users clicking on your links that the connection with the associated domain is secure.

We recommend setting up SSL for your dedicated click tracking, as this is best practice for increasing customer trust and security. Without SSL, some browsers may display a security warning for users clicking through your links, and customers may see issues with links and images rendering correctly. 

Cloudflare

1. First, log into your Cloudflare account.
2. Then head to the DNS section.

3. Here, you will see that both click tracking CNAME records are set to have the DNS proxy off, as signified by the gray cloud icon. Click the proxy toggle to the right of the page under Proxy status to turn on for the branding subdomain record.

In the following example, the branding subdomain is “trk.” This is also the default we recommend when setting up dedicated click tracking.

4. Next, head to the Page Rules section of your Cloudflare account:

5. Click the Create Page Rule button on the right side of the page.

6. Create a page rule for the branding subdomain, iterating upon what was discussed above — by default, we recommend “trk” as the subdomain. However, if you used a different subdomain, then we recommend reflecting those changes in the page rule as well.

When creating the page rule, make the settings enforce SSL as Full.

Cloudfront

In order to set up SSL for click tracking through AWS Cloudfront, you’ll first need to create a custom SSL certificate through the Certificate Manager.

To do this, take the following steps: 

1. Click Request Certificate
2. Select Request a public certificate, then click Next

Under Fully qualified domain name, you should enter your entire click tracking domain. All other defaults can remain as they are.

You may need to add DNS records to validate the certificate. If necessary, the DNS record that needs to be applied will show on the SSL certificate page.

After creating a custom certificate, you can proceed to create a Cloudfront distribution. To do this:

1. First, navigate to the Cloudfront Management Portal.
2. Then, click Create Distribution. This will open a page with various settings. We will walk through each of these sections one by one.

Origin

The main settings to adjust under the Origin settings are:

• Origin domain: sendgrid.net

Default Cache Behavior Settings

Your cache behavior settings should also match the setup below. The main settings you need to adjust in the Settings are:

• Compress objects automatically: Yes
• Viewer Protocol Policy: HTTP and HTTPS
• Allowed HTTP Methods: GET, HEAD
• Restrict Viewer Access: No
• Cache and origin request settings: Legacy cache settings
• Headers Requests: All
• Query Strings: All
• Cookies: All

Distribution Settings

1. The main settings to adjust in the Distribution Settings are as follows:

• Alternate Domain Names (CNAMEs): trk.example.com
• SSL Certificate: Custom SSL Certificate

2. Once this is set up, click Create Distribution. At this point, the Cloudfront distribution will be ready to go and you are in the last stretch of setting up SSL for dedicated click tracking. The last thing to do is point your subdomain to this distribution.

3. In your DNS provider, create or update your click tracking subdomain's CNAME record to point to the Cloudfront domain name you see in the distribution overview.

Fastly

1. First, navigate to Fastly.
2. If this is your first time logging in, select Get Started and then Create Service. However, if you’re logging in and already use Fastly for other services, simply click Create Service > CDN in the upper right corner of your screen.
   
3. Select the option Skip and go to service configuration.
   
4. Select Edit service name under Options and create a name for your service. Use something easily identifiable, like “Klaviyo click tracking”.
   
5. Once you create the service, you will be brought to a page that will ask for your domain. Type in both your subdomain and domain. Make sure that you use the proper subdomain and domain that you used to set up dedicated click tracking prior.
   
6. After you add your domain, head to the Hosts section and add Sendgrid.net as the host. It’s important that the port is 443 for SSL.
   
7. On the Settings page for your service, set an override host. This should be set to the click tracking domain you have already set up.
   
8. Once done, select Activate. 
   

Final step for completion

As iterated above, the three options outlined in this article are not the only options for setting up SSL for dedicated click tracking; however, they are the more common solutions.

Regardless of how you set up SSL click tracking, after doing so, create a ticket in Klaviyo by reaching out to our support team.

Please note that chat support is not able to assist with these tickets.

Additional resources

• Setting up dedicated click tracking
• Setting up a dedicated sending domain