Cross-origin resource sharing (CORS) and SSL

Creatives must be SSL-compliant.

All inventory available through Google partners has a secure connection (SSL) and requires SSL-compliant creatives.

For more information, see the SSL implementation guide.

In order for the HTML5 SDK to serve ads over SSL, the ad server must include a Cross-Origin Resource Sharing (CORS) header in all its responses.

CORS extends the standard set of HTTP headers with a new response header that allows servers to specify domains authorized to make file requests. To initiate a cross-origin request, a browser sends the request with an Origin: <domain> HTTP header, where <domain> is the domain that served the page. In response, the server sends Access-Control-Allow-Origin: <domain>, where <domain> is either a list of specific domains or a wildcard to allow all domains.

For example, when a request is sent from example.com to an ad server, the ad server’s response should include either:

Access-Control-Allow-Origin: *

or

Access-Control-Allow-Origin: https://www.example.com http://www.example.com https://s0.2mdn.net http://s0.2mdn.net https://static.doubleclick.net http://static.doubleclick.net

For more information, see the W3 specification or the Google HTML5 SDK documentation..

Was this article helpful?
How can we improve it?