All inventory available through Google partners has a secure connection (SSL) and requires SSL-compliant creatives.
For more information, see the SSL implementation guide.
Authorized Buyers fully supports Secure Socket Layer (SSL) encrypted traffic for all inventory. SSL inventory is unique in that all subsequent calls to third parties after the initial ad request must also use SSL or the browser displays a warning. To ensure a seamless user experience, all buyers on Authorized Buyers must have a valid SSL certification.
Serve SSL-enabled ads with real time bidding
In the excluded_attribute
field, the value 48 represents the RichMediaAdsVendor: RichMediaCapabilityNonSSL
creative attribute. In the bid request, this appears as:
repeated int32 excluded_attribute = 48
This field appears in bid requests for both display and in-stream video ads.
To bid with an SSL-compliant creative, declare the attribute 47 RichMediaCapabilityType: RichMediaCapabilitySSL
in the attribute field. In the bid response, this appears as:
repeated int32 attribute = 47
- Interpret SSL bid requests
- If 48 is present in the
excluded_attribute
field, SSL-compliant ads are required. - If 48 is not present in the
excluded_attribute
field, both SSL-compliant and non-SSL-compliant ads can be returned.
- If 48 is present in the
- Respond with an SSL creative.
Requirements
-
To begin receiving SSL bid requests, contact your Authorized Buyers account team to update your account settings.
-
All media and third-party tracking URLs must be SSL-compliant. If neither the ad nor the tracking calls use
https
, the bid is dropped from the auction and the snippet filtered from auction for SSL inventory. - You should use a separate
buyer_creative_id
for SSL and non-SSL versions of creatives.While, attribute 47
RichMediaCapabilityType: RichMediaCapabilitySSL
can be used as a part of a unique identifier for a creative, using a separatebuyer_creative_id
for separate versions is highly recommended.To distinguish between creatives, you should also consider including the SSL status of the creative in your naming convention.
-
Serving an SSL ad to a non-SSL request is acceptable and runs in the auction as normal.
Certification
- To begin serving SSL-enabled ads, buyers must be certified by the Authorized Buyers certification team.
- The list of SSL-certified vendors can be found in the Authorized Buyers vendors. SSL-compliant vendors have “SSL” displayed next to their name.
Creative review
-
Non-SSL and SSL creatives are reviewed and approved separately. Although the same buyer_creative_id can be used for both versions, the
47 RichMediaCapabilityType: RichMediaCapabilitySSL
attribute distinguishes between the two. -
If you use the REST API to submit creatives, you need to submit the SSL and non-SSL tags separately. You can use the same buyer_creative_id, but must declare the
47 RichMediaCapabilityType: RichMediaCapabilitySSL
attribute in the bid request.
Best Practices
-
Use the REST API for submitting a large number of ads.
-
Until you confirm that all vendors you work with are SSL-compliant, refrain from dynamic insertion of third-party tracking URLs.
-
For more information on SSL implementation, see the SSL implementation FAQ.
SSL implementation guide
All publisher inventory accessible via Authorized Buyers has a secure connection (SSL) and requires SSL-compliant creatives.
This guide will help prepare you for SSL inventory on Authorized Buyers.
First steps for all buyers
- Your own certification: If you have not yet heard from the Google third-party ad serving (3PAS) certification team or have specific questions about the parameters of testing or the overall process, please contact 3p-recert@google.com.
- Your vendors' certification: Ensure that the vendors you use on Authorized Buyers are certified for SSL. Google certifies both display and VAST vendors. See the updated Authorized Buyers vendors list for details.
Information for RTB buyers
Prepare your bidder
Get your bidder ready to interpret and respond to SSL inventory bid requests properly. Make sure your bidder platform understands the following:
- Interpret SSL bid requests
In the field, the value 48 represents the
RichMediaAdsVendor: RichMediaCapabilityNonSSL
creative attribute. In the bid request, this appears as:repeated int32 excluded_attribute = 48
- If 48 is present in the
excluded_attribute
field, SSL-compliant ads are required. - If 48 is not present in the
excluded_attribute
field, both SSL-compliant and non-SSL-compliant ads can be returned.
This field appears in bid requests for both display and in-stream video ads.
- If 48 is present in the
- Respond with an SSL-compliant creative
To bid with an SSL-compliant creative, declare attribute 47,
RichMediaCapabilityType: RichMediaCapabilitySSL
, in theattribute
field of the bid response. In the bid response, this appears as:repeated int32 attribute = 47
Please note the following:
- If your tag is always SSL compliant (for example, the tag uses JavaScript or a macro to determine whether to make all calls over SSL), always declare the tag as SSL compliant. Do not declare SSL compliance for a creative if the tag changes on the bidder side to toggle SSL compliance.
- You should use a separate
buyer_creative_id
for SSL and non-SSL versions of creatives.While, attribute 47
RichMediaCapabilityType: RichMediaCapabilitySSL
can be used as a part of a unique identifier for a creative, using a separatebuyer_creative_id
for separate versions is highly recommended.To distinguish between creatives, you should also consider including the SSL status of the creative in your naming convention.
- Serving an SSL ad to a non-SSL request is acceptable and runs in the auction as normal.
How to determine if creatives are fully SSL-compliant
If either the ad or the tracking calls do not use https, the bid will be dropped from the auction and the snippet disapproved. Until you confirm that all vendors you work with are SSL-compliant, refrain from dynamic insertion of third-party tracking URLs.
Using https is not, in itself, sufficient. The landing page certificate must be valid and up-to-date. To view this information, click the lock icon in the Chrome browser. Learn more about checking if a site's connection is secure.
For geo targeting: Make sure sure that no geo restrictions are applied to your assets. If the verification system is unable to load your asset due to a geo restriction, your creative is not considered SSL-compliant.
For video creatives: Make sure that the <clickTracking>
URL does not redirect to landing page that is not SSL-compliant. Only URLs in the <ClickThrough>
node can redirect to the landing page. If the <clickTracking>
URL redirects to a landing page that is not SSL-compliant, the verification system will not consider the creative SSL-compliant.
Enable SSL inventory with RTB pretargeting
For each PretargetingConfig
where you’d like to receive SSL inventory, ensure that you do not target RichMediaCapabilityNonSSL
. By not targeting RichMediaCapabilityNonSSL
, you receive all non-SSL and SSL inventory that matches your other pretargeting selections. Targeting RichMediaCapabilitySSL
also gets you both types of inventory, but is unnecessary.
Important note
- Before declaring SSL compliance for all of your RTB creatives, we highly recommend testing in small batches initially.