As adops, programmatic advertising, and header bidding continue to become much more technically complex, numerous publishers are asking about SSL/HTTPS and the impact it has on their sites.
Is PubGuru Header Bidding compatible with SSL/HTTPS?
Short answer: Yes. Long answer: Yes, but be aware of the caveats. Although we are, not everyone upstream in the ad ecosystem is compatible with SSL/HTTPS.
Many advertisers and SSPs in the ad ecosystem are not compatible with https. This reduces auction pressure and can increase discrepancies. We’ve seen publishers have negligible revenue change, but we’ve also seen publishers lose as much as 40% of page RPMs in switching to HTTPS. The problems look something like this in the browser console when they’re happening:
Mixed Content: the page at ‘https://www.somesite.com’ was loaded over HTTPS, but requested an insecure script ‘http://ads.rubiconproject.com/ad/9204.js’. This request has been blocked; the content must be served over HTTPS.
Aside revenue, does SSL/HTTPS impact anything else?
Google has publicly stated they give a slight boost in organic reach to publishers using HTTPS. For most publishers, this only affects branded queries. For example, bankofamerica.com will get a boost from queries similar to “bank of America” — the original intention was to mitigate search fraud attacks, where phishers were generating typo queries of bank names, faking the websites, and tricking people into giving up their banking details.
Google has since expanded this to other sites, but still primarily branded queries. Some sites have even reported a loss in organic search. For these reasons, many publishers have been hesitant to switch. Before making the full switch, we strongly recommend A/B testing ad performance on a segment of traffic that’s directed to an SSL/HTTPS version of your site.
How do I enable SSL/HTTPS with PubGuru Header Bidding?
If the publisher is running off page, make sure they are linking to the HTTPS version of PubGuru Header Bidding (m2hb). If you do not do this, no ads will load and no error will appear because none of our code can run. Browser security prevents us from changing this. Example: https://m2.m2d.ai/m2hb.config.js
If the publisher is running on page, no changes are necessary.