SSL implementation guide
All publisher inventory accessible via Authorized Buyers has a secure connection (SSL) and requires SSL-compliant creatives.
This guide will help prepare you for SSL inventory on the Authorized Buyers.
First steps for all buyers
- Your own certification: If you have not yet heard from the Google third-party ad serving (3PAS) certification team or have specific questions about the parameters of testing or the overall process, please contact firstname.lastname@example.org.
- Your vendors' certification: Ensure that the vendors you use on Authorized Buyers are certified for SSL. Google certifies both display and VAST vendors. See the updated Authorized Buyers vendors list for details.
Information for RTB buyers
Prepare your bidder
Get your bidder ready to properly interpret and respond to SSL inventory bid requests. Make sure your bidder platform understands the following:
- Interpret SSL bid requests
excluded_attributefield, the value 48 represents the
RichMediaAdsVendor: RichMediaCapabilityNonSSLcreative attribute. In the bid request, this appears as:
repeated int32 excluded_attribute = 48
- If 48 is present in the
excluded_attributefield, SSL-compliant ads are required.
- If 48 is not present in the
excluded_attributefield, both SSL-compliant and non-SSL-compliant ads can be returned.
This field will appear in bid requests for both display and in-stream video ads.
- If 48 is present in the
- Respond with an SSL-compliant creative
To bid with an SSL-compliant creative, declare attribute 47,
RichMediaCapabilityType: RichMediaCapabilitySSL, in the
attributefield of the bid response. In the bid response, this appears as:
repeated int32 attribute = 47
Please note the following:
- You should use a separate
buyer_creative_idfor SSL and non-SSL versions of creatives.
While, attribute 47
RichMediaCapabilityType: RichMediaCapabilitySSLcan be used as a part of a unique identifier for a creative, using a separate
buyer_creative_idfor separate versions is highly recommended.
To easily distinguish between creatives, you should also consider including the SSL status of the creative in your naming convention.
- Serving an SSL ad to a non-SSL request is acceptable and runs in the auction as normal.
How to determine if creatives are fully SSL-compliant
If either the ad or the tracking calls do not use https, the bid will be dropped from the auction and the snippet disapproved. Until you confirm that all vendors you work with are SSL-compliant, refrain from dynamic insertion of third-party tracking URLs.
Using https is not, in itself, sufficient. The landing page certificate must be valid and up-to-date. To view this information, click the lock icon in the Chrome browser. Learn more
For geo targeting: Make sure sure that no geo restrictions are applied to your assets. If the verification system is unable to load your asset due to a geo restriction, your creative will not be considered SSL-compliant.
For video creatives: Make sure that the <clickTracking> URL does not redirect to landing page that is not SSL-compliant. Only URLs in the <ClickThrough> node can redirect to the landing page. If the <clickTracking> URL redirects to a landing page that is not SSL-compliant, the verification system will not consider the creative SSL-compliant.
The Creative Validator tool only scans for creatives on desktops in a given browser. The buyer will need to make sure the creative is SSL-compliant in other browsers, mobile environments, and geo locations.
Enable SSL inventory with RTB pretargeting
PretargetingConfig where you’d like to receive SSL inventory, ensure that you do not target
RichMediaCapabilityNonSSL. By not targeting
RichMediaCapabilityNonSSL, you will receive all non-SSL and SSL inventory that matches your other pretargeting selections. Targeting
RichMediaCapabilitySSL will also get you both types of inventory, but is unnecessary.
- Before declaring SSL compliance for all of your RTB creatives, we highly recommend initially testing in small batches.