HTTPS-compatible ad code for AdSense
By Sandor Sas, AdSense Software Engineer
Much of the signed-in web uses Hypertext Transfer Protocol Secure (HTTPS) to protect users’
sensitive information. For instance, most eCommerce and social networking websites use the
HTTPS protocol to create secure sites that protect users’ sensitive information such as credit
card and login credentials. We’ve updated the AdSense ad code so that it now supports secure
ad serving through Secure Sockets Layer (SSL) on HTTPS web pages. This means that publishers
with secure sites can now use AdSense ad code to serve SSL-compliant ads.
Our current ad code looks like this:
Synchronous ad code
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
Asynchronous ad code
<script async
src="http://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js">
</script>
The new HTTPS-enabled ad code replaces the old and uses a protocol-relative URL to kick off
the ad request:
Synchronous ad code
<script type="text/javascript"
src="//pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
Asynchronous ad code
<script async
src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js">
</script>
Now when the user visits your secure website via HTTPS, AdSense serves the ad via HTTPS. A
visit via HTTP will still serve the ad via HTTP, as before.
HTTPS-enabled sites require all resources on the page, including the ads, to be SSL compliant
to protect the user against man-in-the-middle attacks. If an HTTPS page loads an HTTP
resource, the page is considered mixed content, and the browser displays a mixed content
warning (like the padlock with warning triangle in Chrome). New browser releases like Firefox
23 are starting to block mixed active content (scripts) but still display mixed content
warnings for mixed passive content (images).
The mixed content warnings vary in aggressiveness among browsers. Here are some
examples:
To make sure that all resources loaded by our ad calls on your secure page are SSL compliant,
AdSense will remove non-SSL compliant ads from competing in the auction, which in theory means
less auction pressure. This feature is meant to provide a monetization solution for publishers
with existing HTTPS pages and not a reason for publishers to convert sites from HTTP to HTTPS.
The HTTPS-compliant ads currently are text, image and Flash ads, but we are working on
enabling more as we can make sure they are safe to use on secure pages.
Note that if you load your web page from the file system using the file:// protocol while
developing, you won’t see the ads appear; instead, you’ll get a 404 response. In this case the
asynchronous ad code - adsbygoogle.js - will put a placeholder the size of your ad slot on the
page, while the synchronous ad code - show_ads.js - will not.
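The scheme inheritance behind the protocol-relative ad code, together with the mixed-content and file:// cases described above, as an added example that is not part of the original post or of AdSense's own code. It resolves each tag's src against the page URL with the standard URL class; the page URLs, the image host, the regex-based tag scan and the verdict strings are constructed for illustration.

```javascript
// Added example: classify a page's sub-resources the way the post describes.
// The ACTIVE set and the verdict strings are assumptions modelled on the
// Firefox 23 behaviour mentioned in the text; they are not a browser API.
const ACTIVE = new Set(["script", "iframe"]);
const TAG_RE = /<(script|iframe|img)\b[^>]*?\bsrc\s*=\s*["']([^"']+)["']/gi;

// Constructed sample page: old synchronous tag, new asynchronous tag, one image.
const SAMPLE = `
<script type="text/javascript"
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
</script>
<script async
src="//pagead2.googlesyndication.com/pagead/js/adsbygoogle.js">
</script>
<img src="http://images.example/banner.png">
`;

function auditResources(pageUrl, html) {
  const page = new URL(pageUrl);
  const findings = [];
  for (const [, tag, src] of html.matchAll(TAG_RE)) {
    // URL resolution: "//host/path" inherits the scheme of the embedding page.
    const resolved = new URL(src, page);
    let verdict = "ok";
    if (page.protocol === "https:" && resolved.protocol === "http:") {
      verdict = ACTIVE.has(tag.toLowerCase()) ? "mixed-active (blocked)" : "mixed-passive (warning)";
    } else if (resolved.protocol === "file:" && src.startsWith("//")) {
      verdict = "unreachable (file:// scheme inherited)";
    }
    findings.push({ tag: tag.toLowerCase(), src, scheme: resolved.protocol, verdict });
  }
  return findings;
}

for (const pageUrl of ["https://shop.example/checkout", "http://shop.example/", "file:///home/dev/site/index.html"]) {
  console.log(pageUrl);
  for (const f of auditResources(pageUrl, SAMPLE)) console.log(`  ${f.tag} ${f.src} -> ${f.scheme} ${f.verdict}`);
}
```

Run against your own markup, any "mixed-active" row is a tag still carrying a hard-coded http:// URL.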
If you have an HTTPS-enabled website, we’d love to get your comments on our Google+ page.
Sandor Sas is a Software Engineer on the AdSense Formats team working on new,
innovative ad formats. In his free time Sandor likes to play football (soccer) and he is an
amateur clarinet player.
Posted by Scott Knaster, Editor