Check creatives for SSL compatibility

When you serve creatives to secure environments, such as web pages beginning with https://, it's important to confirm that the creatives are compatible with the environments’ security settings. Otherwise, some browsers and apps might display warnings about mixed content, or simply fail to show the creative at all. Read the following to learn what type of content can be blocked, how to check for SSL compatibility, how to override checks, and more.

What makes a creative SSL-compliant?

SSL compatibility isn't an issue when all creative assets are hosted by Ad Manager. However, if your creative is hosted on a third-party server, as with the custom, third-party, or Campaign Manager tag creative types, some of that content might be insecure.

All resources of a creative, including images, stylesheets, JavaScript, and tracking pixels, must be secure for a creative to be SSL-compliant. These resources can reference other secondary resources, but all resources referenced must be secure. Note that an SSL-compliant creative can include an insecure click-through URL.

SSL compliance for creatives in Ad Manager is determined by the protocol of the resources loaded in serving the ad, including HTML, JavaScript, images, videos, and tracking pixels.

What content is blocked?

Each secure environment is different, so check the specifications of each environment to ensure all creatives will render successfully. Usually, content is grouped into two categories:

  • Passive content: Typically not blocked
  • Active content: Often blocked.

Click here for an overview of the differences between the two types.

Check for SSL compatibility

Here’s an easy way to check for SSL compatibility:

  1. Traffic the creative using a test line item.
  2. Create a standalone test page for the creative.
  3. Load it in Chrome.
  4. Check the Console in Chrome DevTools.

For any unsecured resources, Chrome displays a “Mixed Content” message in the Console. Some text will be in red or yellow:

  • Red: Errors that indicate the resource was blocked.
  • Yellow: Warnings that should be fixed, but most secure environments will still allow this content to load even though it’s unsecured.

SSL compatibility scanning in Ad Manager

For creative types that are not hosted by Ad Manager, Ad Manager checks the creative for SSL compatibility.

You should work with all of your third-party partners to ensure SSL compliance. This includes partners who use third-party tags in their creatives. Although Google SSL compliance scans have a high degree of accuracy, automatic detection is not always possible with complex creatives serving mixed content.
  • By default, this information is shown in the creative's settings and in reports.
  • Creatives are initially scanned within 12 hours after they're added to Ad Manager, and scanned again within 12 hours after any change is made.
  • Active creatives will also periodically be rescanned.
Review all SSL compatibility scans and their results in the change history of a creative. Note that automated scans display "" as the user.

Override automatic SSL compatibility checking

In some cases, you might want to override the automatic SSL compatibility detection. For example:

  • You might be using an incompatible creative within a line item that targets browsers where SSL compatibility isn't an issue.
  • You believe that the automatic SSL detection isn't flagging your creative properly as SSL compliant.

In such cases, you can:

  1. Click override in the SSL compatibility field in the creative's settings.
  2. Use the switch to set SSL compatibility as Yes or No.

Ad Manager delivers the creative according to the compatibility value you set.

Note that the IDFA or AdID macro does not expand the IDFA or AdID value if you override the detection.

Check a creative's SSL compatibility status

For creatives where it's relevant, the SSL compatibility is displayed within the creative settings. You can also run reports to show SSL-compatible and non-compatible creatives, using the following attributes under “Creative”:

  • Creative SSL scan result: Shows the result of Ad Manager's scan of the creative. The possible values for this attribute are:
    • Compliant: SSL scanner did not find any unsecured items in this creative.
    • Non-compliant: SSL scanner found at least one unsecured item in the chain of resources for this creative.
      For very complex, non-standard creatives (for example, creatives with JSON responses to AJAX requests), the SSL scanner may not be able to fully scan the creative and mark it as non-compliant.
    • Not applicable: SSL scanner didn’t scan the creative type.
    • Not yet scanned: SSL scanner has not yet run on this creative.
  • Creative SSL compliance override: Shows whether there's an override, and how the override has been set.

SSL compatibility scan-based serving

Ad Manager also supports serving creatives based on the compatibility scan so that only compatible creatives serve. This feature is enabled by default for all AMP pages. To enable this feature for the rest of your site, contact customer support to change your network settings.

Was this article helpful?
How can we improve it?