Why would Chrome show a 'not secure' error for a tracking link?

Chrome (and other modern browsers) prioritize security. If your tracking link or any part of its redirect chain uses HTTP instead of HTTPS, or if the SSL certificate is expired or invalid, it will often display a not secure warning or block the link entirely. This is also known as mixed content issues.

What does an 'ERR_FAILED' error mean for a tracking link?

The ERR_FAILED error often indicates a general network issue or a problem with the URL itself. For tracking links, it could mean a broken redirect, a problem with the DNS resolution of the tracking domain, or a severe security block by the browser due to an invalid or untrusted certificate .

How can I fix issues with my ESP's tracking links?

Ensure your custom tracking domain is properly set up with HTTPS and has a valid, unexpired SSL certificate through your Email Service Provider. Verify DNS records (typically CNAME) are correct. You should also check if your domain (or its associated IP address) is on any email blocklists (blacklists) .

What if tracking links work for some recipients but not others?

If only some users or devices experience issues, it might be a local browser problem. Suggest clearing Chrome's cache and cookies, disabling browser extensions (especially ad-blockers or privacy tools), or trying the link in incognito mode. Also, ensure Chrome is updated to the latest version.

Why are my tracking links not working in Chrome and showing an error? - Troubleshooting - Email deliverability - Knowledge base

It can be incredibly frustrating when your tracking links, especially those in email campaigns, don't work as expected in browsers like

Google Chrome. Instead of directing recipients to the intended page, you might encounter a generic error message, a not secure warning, or a complete failure to load. This can severely impact your email analytics, campaign performance, and overall user experience.

The root causes for these issues are varied, ranging from server-side misconfigurations and expired security certificates to browser-specific quirks and email service provider (ESP) link wrapping challenges. Understanding these underlying problems is the first step toward effective troubleshooting and ensuring your email campaigns perform optimally.

HTTPS and SSL certificates

One of the most common reasons tracking links fail in modern browsers, particularly

Chrome, is related to HTTPS and SSL certificates. Browsers are increasingly strict about secure connections, and any link that attempts to redirect from an HTTPS page to an HTTP (non-secure) page, or a page with an invalid or expired SSL certificate, will often be flagged or blocked. This is part of a broader effort to protect user data and ensure privacy online.

When Chrome encounters a tracking link that initiates an insecure connection (e.g., http:// instead of https://), it may display a not secure warning, block the redirect, or show an ERR_FAILED error. This is often tied to HTTP Strict Transport Security (HSTS), which forces browsers to interact with websites using only HTTPS connections. If your tracking domain (or the final destination) isn't consistently serving over HTTPS with a valid certificate, it will cause issues.

To prevent these errors, ensure that your custom tracking domain and all redirect paths use valid, up-to-date SSL certificates. Any mixed content, where an HTTPS page tries to load resources or redirect to HTTP content, can trigger these security warnings. This is particularly relevant for email marketing platforms that might not fully support HTTPS for their tracking domains by default, leading to deliverability problems.

The problem of expired SSL certificates

An expired SSL certificate on your tracking domain will instantly trigger a security warning in Chrome, often preventing users from proceeding. This is a critical issue that must be addressed immediately to restore link functionality.

Checking your SSL certificate expiry and detailsbash

# Use a tool like OpenSSL or a web-based SSL checker
openssl s_client -connect yourtrackingdomain.com:443 -servername yourtrackingdomain.com < /dev/null 2>/dev/null | openssl x509 -text

Email service provider (ESP) and link wrapping

Email Service Providers (ESPs) often implement a process called link wrapping or click tracking. This means that when you send an email, the original links are replaced with unique tracking links that redirect through the ESP's (or your custom) tracking domain before reaching the final destination. This allows them to collect data on clicks, a crucial part of email analytics.

If this link wrapping process is misconfigured, it can lead to problems. For example, if your ESP's tracking domain or your custom branded tracking domain isn't correctly set up with HTTPS, or if there are issues with the redirect chain, Chrome will block the link. This is why you might see errors like ERR_TOO_MANY_REDIRECTS or NET::ERR_CERT_DATE_INVALID which are indicators of certificate or redirect issues with the tracking link itself.

It's essential to ensure your ESP has properly configured your custom tracking domain, including robust SSL support. If you are experiencing issues with SendGrid, SparkPost, or any other provider, check their documentation on how to brand your tracking links with HTTPS and troubleshoot redirect errors.

Correct setup

HTTPS enabled: All tracking links (and subsequent redirects) use https://.
Valid SSL certificate: The certificate for the tracking domain is current and trusted.
Proper DNS configuration: DNS records (usually CNAME) are correctly pointing to the ESP's tracking servers.

Incorrect setup

HTTP usage: Tracking links are still using http:// or have insecure redirects.
Expired or invalid SSL: The tracking domain's SSL certificate is not valid.
DNS errors: Incorrect or missing DNS records for the tracking domain.

Browser settings and user impact

Sometimes, the issue isn't with your links or ESP configuration, but with the local browser environment.

Chrome's settings, cached data, or even specific extensions can interfere with how tracking links behave. If links work for some users but not others, or only on certain devices, local browser problems are a strong possibility.

Corrupted browser cache and cookies can sometimes lead to issues with link navigation. Browser extensions, particularly those related to ad-blocking, privacy, or security, might also mistakenly block tracking links or interfere with redirects. These can lead to error messages when accessing links from emails.

In such cases, troubleshooting steps usually involve clearing browser data, disabling extensions, or even resetting Chrome to its default settings. Regularly updating Chrome is also vital, as updates often include bug fixes and security enhancements that can resolve link-related issues.

Troubleshooting browser issues

Clear cache and cookies: Navigate to Chrome settings, privacy and security, then clear browsing data.
Disable extensions: Temporarily disable all Chrome extensions to see if they are interfering.
Try incognito mode: This mode runs without extensions and a clean cache, helping to isolate issues.
Reset Chrome settings: Go to Chrome settings, then Reset settings.

Blocklists and domain reputation

While less direct, your domain's reputation and its presence on email blocklists (also known as blacklists) can indirectly affect how your tracking links perform in Chrome. If your sending domain or even your tracking domain ends up on a major blacklist, email clients and browsers might flag links from that domain as suspicious or dangerous. This often results in security warnings, preventing users from clicking through.

Receivers, including

Gmail, will leverage real-time blocklists to prevent users from accessing potentially malicious or spam-related links. If your tracking domain is flagged, it can lead to privacy errors or the links being blocked entirely within the email client itself, long before Chrome even gets a chance to process them. This is why click tracking links can be blocked as dangerous.

Regularly monitoring your domain reputation and checking major email blocklists (or blacklists) for your sending and tracking domains is crucial. If listed, immediate action to delist and improve sending practices is necessary to avoid issues with your email links.

Views from the trenches

Best practices

Always ensure your tracking domains use HTTPS with valid, current SSL certificates to avoid browser security warnings.

Work with your Email Service Provider to properly configure custom tracking domains with HTTPS and verify redirect chains.

Regularly check your domain's reputation and monitor blocklists to prevent your links from being flagged as malicious by browsers or email clients.

Perform local browser troubleshooting, including clearing cache, disabling extensions, and updating Chrome, to rule out user-specific issues.

Common pitfalls

Using HTTP for tracking links, which modern browsers like Chrome will flag as insecure and often block.

Ignoring expired or invalid SSL certificates on your tracking domain, leading to immediate link failures and security warnings.

Having inconsistent DNS configurations for tracking domains, causing some links to work while others fail due to different server responses.

Not accounting for browser extensions or cached data that might interfere with link redirects and cause unexpected errors for users.

Expert tips

Utilize online SSL checkers to verify the status and validity of your tracking domain's SSL certificate proactively.

Implement HSTS on your tracking domain to enforce HTTPS, which helps prevent mixed content warnings and improves link trust.

Examine redirect chains using developer tools or online redirect checkers to pinpoint exactly where a tracking link might be failing.

Maintain consistent DNS A records or CNAME records for your tracking domain across all global DNS servers to prevent regional access issues.

Marketer view

Marketer from Email Geeks says they noticed tracking links were not HTTPS, and a new Chrome build was blocking them, causing concern about local vs. widespread impact.

2021-12-10 - Email Geeks

Expert view

Expert from Email Geeks says that HSTS (HTTP Strict Transport Security) mandates using HTTPS, implying that insecure connections will be rejected by the browser.

2021-12-10 - Email Geeks

Ensuring reliable link tracking

Troubleshooting tracking links that don't work in Chrome requires a systematic approach. Start by verifying that all your tracking domains and their redirect paths are fully secured with valid HTTPS and SSL certificates. Any deviation can lead to immediate blocking by modern browsers. You can check your

SSL certificate using a diagnostic tool.

Beyond technical configurations, remember to account for browser-specific factors and monitor your sending and tracking domains' reputations. By addressing these potential issues, you can significantly improve the reliability of your tracking links, ensure accurate campaign analytics, and deliver a seamless experience for your email recipients.