We value our partnership and want to notify you of an important upcoming change for third party ad serving (3PAS) to Google owned and operated properties, including YouTube.

To provide greater security and ensure the privacy for our users, all ads, whether display or in-stream video, that are served to signed-in Google users must be Secure Socket Layer (SSL) compliant no later than January 15, 2013. After this date, the amount of inventory available on Google properties to non-SSL compliant buyers will be limited.


  • DoubleClick Ad Exchange (AdX) buyers must declare that a 3PAS ad is SSL-compliant via Real-Time Bidding (RTB) in the BidResponse or the AdX UI 
  • All 4th-party calls to other technologies must be made from SSL-compliant vendors that have been certified by Google 
  • All video companion banner ads must be SSL-compliant 

Note that if an ad is declared as SSL-compliant but makes any non-SSL-compliant responses, the ad will be disapproved.

RTB Protocol
To identify inventory requiring an SSL-compliant response, the excluded_attribute field (BidRequest.AdSlot.excluded_attribute) will include the value 48, which represents the RichMediaAdsVendor: RichMediaCapabilityNonSSL creative attribute from the dictionary file creative-attributes.txt. If the creative attribute value 48 is not present in the excluded_attribute field, both SSL-compliant and non-SSL-compliant ads can be returned. You should use this field to ensure that your ad serving technology responds properly to bids. This field will be present in BidRequests for both display and in-stream video ads.

User Interface
For 3PAS ads, there will be an additional checkbox in the Ad Exchange UI to declare that an ad is capable of serving both SSL and non-SSL ads. This checkbox will be available soon for both display and in-stream video 3PAS ads and will be un-checked by default.

For non-3PAS ads, there are no changes in the UI.

In-Stream Video
In addition to the above changes, there are specific changes that must be made for In-Stream Video ads to be eligible for SSL inventory:

  • VAST: All VAST (Inline and Wrapper) URLS must serve over HTTPS when the ad request is made with HTTPS. 
  • Media and tracking URLs: All tracking pixels and creative assets (including media files) must serve over HTTPS when the VAST URL is served over HTTPS. 
  • Companion ads: All Companion banners, including any 4th-party calls, must serve over HTTPS when the VAST URL is served over HTTPS.

We understand that this change places additional burden on your team and we will do our best to help you through this process. In the interim, please do not hesitate to contact your Google technical account manager with any questions.

Posted by the Ad Exchange Team