Warning! Do not Pass Go.Pardot.Com
Plus a bonus note on a little-used but handy way to use Pardot (MCAE*) Forms
There's already been a fair amount written about the upcoming security upgrades to Pardot that impact how content is served if you embed forms using go.pardot.com on your website instead of a custom tracker domain (if you don't have one set up, do this ASAP).
Bottom line: if you have any iframes on your website that are embedded using go.pardot.com, you need to replace them with your custom tracker domain. In fact, you can simply swap go.pardot.com for your tracker domain in the URL string in the code and it will work just fine.
Elements generally not affected (although in general, you should be using your tracker domain for everything regardless) include custom redirects, form handlers, landing pages and content.
Before you say "But Bill, that's way old stuff, this doesn't affect me, we transitioned to custom tracker domains years ago," let me suggest that you take 5 minutes to check something to make sure.
On your domain management page in Pardot settings there is a new button called "Content Served Using Default Domain". Push that button.
Hopefully the result looks like this:
Which means that Salesforce didn't find anything to be concerned with. According to product management, they did the best they could to find everything that would indicate something is being used with the default domain. This report tells you what seems to be in use, but it can't tell you where it's being used. That, unfortunately, is going to be detective work for you.
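Part of that detective work can be scripted. As an added example (not from the original post or from Salesforce), this Python script parses a page's HTML, lists every `src`, `href` or `action` URL whose host is go.pardot.com, and shows the same URL with only the host swapped. The tracker domain `go.example.com` and the sample HTML are constructed placeholders.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit, urlunsplit

DEFAULT_HOST = "go.pardot.com"
TRACKER_HOST = "go.example.com"  # assumption: placeholder for your custom tracker domain

# Constructed sample page, not taken from any real site
SAMPLE_HTML = """<html><body>
<iframe src="https://go.pardot.com/l/12345/2020-01-01/abc" width="100%"></iframe>
<iframe src="//Go.Pardot.Com/l/12345/2021-05-05/xyz?utm=a"></iframe>
<iframe src="https://go.example.com/l/12345/2022-02-02/def"></iframe>
<a href="https://www.example.com/?ref=go.pardot.com">not an embed</a>
</body></html>"""

class DefaultDomainFinder(HTMLParser):
    """Collect URL attributes whose host is the Pardot default domain."""
    URL_ATTRS = {"src", "href", "action"}

    def __init__(self):
        super().__init__()
        self.findings = []  # (line, tag, attribute, old_url, new_url)

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name not in self.URL_ATTRS or not value:
                continue
            parts = urlsplit(value.strip())
            # Compare the parsed host (lowercased by urlsplit), so a mention of
            # go.pardot.com in a query string or path is not a match.
            if parts.hostname != DEFAULT_HOST:
                continue
            # Swap only the host; scheme, path and query are left untouched.
            fixed = urlunsplit(parts._replace(netloc=TRACKER_HOST))
            self.findings.append((self.getpos()[0], tag, name, value, fixed))

def find_default_domain_urls(html):
    """Return every default-domain URL found in html, with its replacement."""
    finder = DefaultDomainFinder()
    finder.feed(html)
    finder.close()
    return finder.findings

if __name__ == "__main__":
    for line, tag, attr, old, new in find_default_domain_urls(SAMPLE_HTML):
        print(f"line {line}: <{tag} {attr}> {old} -> {new}")
```

Run it over saved copies of your pages and templates; the tag name in each finding lets you deal with iframes first.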
If the report does list something, make sure you check it out. Maybe it's some long-forgotten page with an embedded form that hasn't been updated but that some part of your business is still using. One other possibility, and the subject of the bonus content, is forms used like a landing page.
Did you know you can just use a Pardot form as if it's a landing page?
Since all Pardot forms have an absolute address (with both the pi.pardot.com and the tracker domain variations), they can be used as a mini landing page. Forms have above and below form content, right? You can style them and give them completion actions and post-submit behavior. So if all you really need is for someone to fill out a form, you don't have to embed it anywhere and you don't have to build a landing page; you can just send people directly to the form's URL, which you can find right on the form page after you create it. So one possibility for using go.pardot.com was people accessing the form directly using its URL.
This is great for instances where you want to control who gets the form, who knows where it is, or not have it indexed. Here are some use-cases for the form-as-a-landing-page technique:
Use it for internal purposes in kiosk mode as a one-off add-to-Pardot data entry form, for example for third-party leads.
Use it as a signup form for an in-person event.
Use it for internal purposes in kiosk mode as a way for a staff member who's not a Salesforce user to accomplish a specific action on an email address in Pardot (via completion actions), such as signing people up for a newsletter or setting them as do not email or do not call.
Use it as the destination from an email as a survey or "update missing details" form.
Use it as a proxy for an email preference center that allows people to "sign up" for emails and lists without giving them the ability to unsubscribe.