• How it works
  • Features
  • Partners
  • Blog
  • Sign up
  • Client Area
Web Monetization Blog > Optimization > Fixing SSL issues with ads by implementing a Content Security Policy (CSP)

Fixing SSL issues with ads by implementing a Content Security Policy (CSP)

Rarely there are upstream ads being served that contain tracking pixels and other assets requested over http instead of https. Without a Content Security Policy on your website, these assets will load and the user will see a warning that their connection is insecure. Since this warning is pretty alarming to the average user, we highly recommend setting up a CSP.

Basic implementation

The simplest way to get a CSP rule on your website that will prevent these SSL errors is to place the following meta tag in the <head> of your pages.

<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content" />

Advanced implementation

More advanced users can implement CSP rules server side by writing a response header. The process of doing this varies service to service, but we’ve outlined some popular ones below;

  • AWS/CloudFront
  • Cloudflare
  • nginx
    • Within server{}
      • add_header Content-Security-Policy "block-all-mixed-content";
  • Apache
    • Within .htaccess or VirtualHost
      • Header set Content-Security-Policy "block-all-mixed-content"

Categories

  • Compliance
  • Editorial
  • Metrics
  • News
  • Optimization
  • Press Release
  • Publisher Newsletter
  • Seasonal
  • Tips & Information
  • Viewability

Recent Posts

  • NitroPay is Hiring! July 2, 2022
  • Fixing SSL issues with ads by implementing a Content Security Policy (CSP) June 4, 2022
  • NitroPay’s Statement on Russia’s Invasion of Ukraine March 18, 2022
  • Harness the Power of First-Party ID and Contextual Targeting February 21, 2022
  • How Data Privacy Shifts Are Impacting Digital Marketing January 28, 2022
© GG Software, LP
Privacy Policy | Terms of Use | Contact us