Banners Not Delivering over SSL

Symptoms

Banners deliver over HTTP, but will not deliver over SSL (HTTPS).

Troubleshooting Process

Step 1: Check for HTML Banners with HTTP Content

Ensure that your HTML banners don’t include any content (like images or CSS files) served over HTTP. OpenAD Protocol excludes any banners with HTTP content when delivering over HTTPS to avoid warnings from browsers about mixed content.

Step 2: Solution

Update your HTML banners to use HTTPS for all included content, ensuring seamless delivery on HTTPS-enabled pages.

Step 3: Check for HTTP to HTTPS Server Redirects (3xx) when using the Asynchronous JS Tag

When using the "Asynchronous JS Tag" for delivery, check if the issue is related to enforcing SSL on an HTTP page. The Asynchronous JS Tag automatically uses the same protocol (HTTP or HTTPS) as the page where it’s embedded:

• If placed on an HTTP page, the tag will connect to your OpenAD Protocol instance using HTTP.

• If your OpenAD Protocol returns an HTTP 3xx response code, indicating a redirect to HTTPS, this will not work.

The Asynchronous JS Tag first calls OpenAD Protocol to retrieve data which is required to update the tag placeholder, so that the relevant banner can be loaded. For this to work, OpenAD Protocol returns some Cross-Origin Resource Sharing (CORS) headers.

However, most browsers will perform the request to the Asynchronous JS Tag as a CORS preflight request. The specification for CORS forbids the processing of 3xx redirects. This means that an Asynchronous JS Tag embedded on an HTTP page must be able to access OpenAD Protocol's sdkloader.js script over HTTP.

If you have configured your webserver to enforce the use of SSL by redirecting requests over HTTP to HTTPS, then your options are:

• Ensure that your Asynchronous JS Tag is only ever embedded on sites delivered using SSL;

• Disable the redirection to SSL for the sdkloader.js script, so that this can be accessed via both HTTP and HTTPS; or

• Use a different tag type.