Google Ads doesn't support HTTPS. What alternatives are there?
https://stackoverflow.com/questions/3485897
-
28-09-2019 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianQuestion
It's pretty well known that Google Ads doesn't support HTTPS, but since I store my user's session in a bearer token/cookie I feel the need to encrypt this information... at a minimum so I can protect my end users from being hacked.
What are my choices? I'm sure someone has come across this before. Ideas that may work include
- Changing how I do website membership
- Using something else other than AdSense (MSN?, anyone else)
- Complaining to Google that I can't track my users if AdSense is on
- Finding a different way to monetize my site (aka changing my business model)
Solution
AdSense now supports HTTPS. Just remove the "http:" portion of the ad code.
OTHER TIPS
What happens if you use this URL for calling adsense
https://pagead2.googleadservices.com/pagead/show_ads.js
Instead of
http://pagead2.googlesyndication.com/pagead/show_ads.js
?
Looks like it's delivering the same script, you just have to check if it can retrieve your page content to deliver contextual ads.
This is undocumented. Just adding "s" in the classic URL gives a certificate error because the domain of the certificate is *.googleadservices.com, hence the final URL i propose. This is of course untested, but I'm curious to know if it could work.
EDIT: The content is delivered but I can't see if I get any warning because the certificate on my test website in not trusted: https://uandco.net/
EDIT: I'm now using a real certificate on the same URL but browsers are complaining about unsecured items. This is because the adsense script, even when called from its https URL, generates unsecured http calls to other scripts and iframes.
The answer I have utilised for a client's website is to move from AdSense to DoubleClick for Publishers Small Businesses. This is another Google run system and even if you don't use it to manage advertising campaigns, it falls back to your AdSense account to serve up adverts.
Google provides the code for you, but it uses a "catch-all" insertion of it's code that operates regardless of HTTPS or HTTP.
<script type='text/javascript'>
(function() {
var useSSL = 'https:' == document.location.protocol;
var src = (useSSL ? 'https:' : 'http:') +
'//www.googletagservices.com/tag/js/gpt.js';
document.write('<scr' + 'ipt src="' + src + '"></scr' + 'ipt>');
})();
</script>
Source: http://support.google.com/dfp_sb/bin/answer.py?hl=en&answer=143694
Option 3 won't do anything, #4 could be a lot of work, #2.. AdSense is still king.
That leaves option 1 - simplest option in my opinion. Are you using any frameworks?
Edit: another option would be to just continue serving them over HTTP and dealing with the various browser errors and warnings.
When I wrote the original response I was thinking of using something like Open ID but on second thought I'm not sure that'll do anything for you.
Just the poor man's solution: Opening a new HTTP window with all the AdSense stuff...
Yes, it stinks, but it should not be too difficult to be implemented with a bit of JS magic.
Regards.
