Check creatives for SSL compatibility
When you serve creatives to secure environments, such as web pages beginning with
https://, it's important to confirm that the creatives are compatible with the environments’ security settings. Otherwise, some browsers and apps might display warnings about mixed content, or simply fail to show the creative at all. Read the following to learn what type of content can be blocked, how to check for SSL compatibility, how to override checks, and more.
What makes a creative SSL-compliant?
SSL compatibility isn't an issue when all creative assets are hosted by DFP. However, if your creative is hosted on a third-party server, as with the custom, third-party, or DoubleClick tag creative types, some of that content might be insecure.
What content is blocked?
Each secure environment is different, so check the specifications of each environment to ensure all creatives will render successfully. Usually, content is grouped into two categories:
- Passive content: Typically not blocked
- Active content: Often blocked.
Click here for an overview of the differences between the two types.
Check for SSL compatibility
Here’s an easy way to check for SSL compatibility:
- Traffic the creative using a test line item.
- Create a standalone test page for the creative.
- Load it in Chrome.
- Check the Console in Chrome DevTools.
For any unsecured resources, Chrome displays a “Mixed Content” message in the Console. Some text will be in red or yellow:
- Red: Errors that indicate the resource was blocked.
- Yellow: Warnings that should be fixed, but most secure environments will still allow this content to load even though it’s unsecured.
SSL compatibility scanning in DFP
For creative types that are not hosted by DFP, DFP checks the creative for SSL compatibility.
- By default, this information is shown in the creative's settings and in reports.
- Creatives are initially scanned within 12 hours after they're added to DFP, and scanned again within 12 hours after any change is made.
- Active creatives will also periodically be rescanned.
Override automatic SSL compatibility checking
In some cases, you might want to override the automatic SSL compatibility detection. For example:
- You might be using an incompatible creative within a line item that targets browsers where SSL compatibility isn't an issue.
- You believe that the automatic SSL detection isn't flagging your creative properly as SSL compliant.
In such cases, you can:
- Click override in the SSL compatibility field in the creative's settings.
- Use the switch to set SSL compatibility as Yes or No.
DFP delivers the creative according to the compatibility value you set.
Check a creative's SSL compatibility status
For creatives where it's relevant, the SSL compatibility is displayed within the creative settings. You can also run reports to show SSL-compatible and non-compatible creatives, using the following attributes under “Creative”:
- Creative SSL scan result: Shows the result of DFP's scan of the creative. The possible values for this attribute are:
- Compliant: SSL scanner did not find any unsecured items in this creative.
- Non-compliant: SSL scanner found at least one unsecured item in the chain of resources for this creative.
For very complex, non-standard creatives (for example, creatives with JSON responses to AJAX requests), the SSL scanner may not be able to fully scan the creative and mark it as non-compliant.
- Not applicable: SSL scanner didn’t scan the creative type.
- Not yet scanned: SSL scanner has not yet run on this creative.
- Creative SSL compliance override: Shows whether there's an override, and how the override has been set.
SSL compatibility scan-based serving
DFP also supports serving creatives based on the compatibility scan so that only compatible creatives serve. This feature is enabled by default for all AMP pages. To enable this feature for the rest of your site, contact customer support to change your network settings.