Cross-origin resource sharing (CORS) and SSL
All inventory available through Google partners has a secure connection (SSL) and requires SSL-compliant creatives.
For more information, see the SSL implementation guide.
In order for the HTML5 SDK to serve ads over SSL, the ad server must include a Cross-Origin Resource Sharing (CORS) header in all its responses.
CORS extends the standard set of HTTP headers with a new response header that allows servers to specify domains authorized to make file requests. To initiate a cross-origin request, a browser sends the request with an
Origin: <domain> HTTP header, where
<domain> is the domain that served the page. In response, the server sends
Access-Control-Allow-Origin: <domain>, where
<domain> is either a list of specific domains or a wildcard to allow all domains.
For example, when a request is sent from
example.com to an ad server, the ad server’s response should include either:
Access-Control-Allow-Origin: https://www.example.com http://www.example.com https://s0.2mdn.net http://s0.2mdn.net https://static.doubleclick.net http://static.doubleclick.net