Depending on the status of a user (logged in/logged out), YouTube pages can be loaded over a secure or insecure connection. Secure connections are achieved using SSL. To avoid warning messages in the user's browser, we require that ads, creatives and tracking elements are requested using an appropriate connection:
- For non-secure pages (HTTP://) the ad, creative and tracking pixels can use either HTTP or HTTPS.
- For secure pages (HTTPS://) the ad, creative and tracking pixels must only use HTTPS. Additionally, for ads and creatives loaded using a secure connection (HTTPS://), all subsequent requests to media assets or tracking URLs must also use a secure connection (HTTPS://). This means that all creatives must be able to deliver over HTTP and HTTPS without the need for special trafficking. If tracking pixel URLs are provided, they must be SSL compliant (begin with HTTPS://). The only part of an ad permitted to be non-SSL compliant is the click URL (target landing page).
3rd party served display ads
Some vendors auto correct their creative to be SSL compliant which means for these vendors there is little change needed for your creative to be SSL compliant. A list of vendors and their capabilities is available here.
VAST tracking pixels
For the tracking of VAST ads such as inStream and inVideo, we will request any insecure URLs via a secure connection. We will achieve this by swapping out HTTP:// with HTTPS:// prior to requesting the URL. If your tracking vendor cannot support this functionality, the tracking URL supplied must be SSL compliant (start with HTTPS://). A list of vendors and their capabilities is available here.
3rd party served VAST ads
All 3rd party VAST ads must be SSL compliant. This means that any URL within a VAST response must use the appropriate connection.
- For non-secure pages (HTTP://) the creative and tracking pixels can use either HTTP or HTTPS.
- For secure pages (HTTPS://) the creative and tracking pixels must only use HTTPS. If your vendor does not auto correct the ad response to use the appropriate protocol or does not support the swapping of HTTP:// with HTTPS:// then SSL (HTTPS://) must be returned by default for all media and tracking URLs within the VAST ad.