Fixing SSL issues with ads by implementing a Content Security Policy (CSP)
Rarely there are upstream ads being served that contain tracking pixels and other assets requested over http instead of https. Without a Content Security Policy on your website, these assets will load and the user will see a warning that their connection is insecure. Since this warning is pretty alarming to the average user, we highly recommend setting up a CSP.
Basic implementation
The simplest way to get a CSP rule on your website that will prevent these SSL errors is to place the following meta tag in the <head> of your pages.
<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content" />
Advanced implementation
More advanced users can implement CSP rules server side by writing a response header. The process of doing this varies service to service, but we’ve outlined some popular ones below;
- AWS/CloudFront
- Cloudflare
- nginx
- Within
server{}add_header Content-Security-Policy "block-all-mixed-content";
- Within
- Apache
- Within
.htaccessorVirtualHostHeader set Content-Security-Policy "block-all-mixed-content"
- Within
Categories
Recent Posts
- Publisher Newsletter: In-View Refreshing, TCF 2.2 Update, & Upcoming 2024 Changes December 6, 2023
- News Round-up: Google’s Privacy Sandbox & AI Content Creation October 25, 2023
- Publisher Newsletter: Introducing NitroDex, Rate Increases, Referrals & More September 13, 2023
- News Round-up: Privacy Standards, Floor Bidding Tactics, & More September 6, 2023
- News Round-up: Advertising Effectiveness Study, Pros & Cons of MFAs, AI Mining August 16, 2023