Read Time: 6 minutes
Lately we’ve been getting lots of questions about what exactly SSL is, and how to turn it on for AdButler. I figured we’d get some easy info out there for everyone.
Secure zone tags are created by checking off the “Use Secure Tags” option. But it’s more complicated than that. SSL and security are only going to get more and more important in advertising, so today we’re going to go over SSL and what it (and all its synonyms) mean.
Don’t worry, this isn’t going to be a technical article. I’m not going to break down certificates and different versions of SSL (TSL) or anything like that. This is a basic write up, and should be enough to get you going.
To start, I’m saying SSL, but you may have heard of these things as well:
- Secure websites
- Secure Sockets Layer (SSL)
All of these terms mean a website has some sort of security. SSL is actually not even in vogue anymore (the newest version is known as TSL), but it’s still the most common term for the technology used. Here’s how it basically works:
When you’re browsing a website and you submit a form, click on a link, or login to the website, you are sending information to the website, called a request, and it’s responding with what you want (a new web page, your account information, etc.) That’s what we call the internet.
Normally, the information being sent back and forth is unencrypted. In other words, if someone was to look at the message you’re sending to the website they could tell exactly what you’re asking for. Think of it as digital eavesdropping. The person listening in could learn all your secrets just like that, which is not what you want when you’re typing in credit card details, or your password, or any other personal information.
A secure website (using SSL) is meant to stop this. When a site is secure all the data being sent back and forth is encrypted in some way. Instead of sending “Password: 1234”, it might become “50617373776f72643a2031323334”. Your message could still be intercepted, but now it’s in a secret language only you and the website know.
To break down those terms from before, a website uses SSL (TSL) to become secure. To prove they’re secure, a website needs a certificate (usually from a verified source) and SSL usage is signified by a secure protocol (HTTPS).
Who Uses SSL?
You’ll know you’re on a secure website because the URL has HTTPS beside it (as opposed to HTTP), and sometimes you’ll see a lock or other cue. You can usually throw that ‘s’ onto the HTTP of a website URL to be directed to their secure version (if they have one). However, not all websites have secure versions and sometimes their secure version might be on a different domain (which is why AdButler’s secure tags use servedbyadbutler.com and not the custom domain unique to your account).
SSL is a good thing, and all websites should use it, right? Google agrees, having increased the importance of secure connections for SEO in the past few years. In fact, they’re pushing hard for every website to be served over SSL soon, and progress is being made. It’s easier than ever to get an SSL certificate, and most web hosts have done an incredible job simplifying the process.
The problem comes when you mix secure with non-secure.
Let’s give an example. The image below is loaded from an insecure place. If you’re looking at this blog post on our insecure domain, it’ll show up fine. But if you load up our blog over SSL (https://blog.adbutler.com/good-advertising-whats-ssl/), might see a missing box. If you open the developer console on your browser now you should see an error letting you know that a secure website tried to access an insecure resource. You can use secure resources on non-secure websites, but you can’t do the opposite.
Why Isn’t Every Site Secure?
The issue with being a secure website is everything needs to be secure, which is why we’re talking about it on an advertising blog. More often than not, a piece in an ad chain isn’t secure. Unless you’re working with direct sold, you can’t control the ad chain. Publisher or advertiser, there is always a chance with programmatic for a non-secure piece to slip through. This lack of control is making it really hard for websites that rely on advertising to make the switch. A quick search will show both big and small publishers reporting huge drops in revenue when they switched to SSL (from 30% to 75% in some cases), even when working with exchanges that support SSL (like AdX and AppNexus). This makes it really hard to make an argument for switching (the same search shows a bunch of people talking about switching back from SSL/HTTPS/Secure).
Every Site Should Be Secure!
Things are getting better, though.
As more and more websites migrate, some exchanges are starting to require all ad tags be secure, which is a good start. And, as I said at the top, AdButler supports SSL on all our ad tags, so if you’re sending zone tags to someone, it is an option. In fact, if you are working directly with someone, there’s no reason to not use secure zone tags, as they’ll still work on insecure websites. It’s just an option you have to check off when grabbing the tags. If you always use SSL, you won’t have to worry about breaking a secure page somewhere down the line.
Basically, SSL is a great technology that one day all websites will use (or some form of it). We’re slowly getting there, but the ad chain is a huge hurdle. We can all do our part, and we are, but it’s important to understand that making the switch to SSL is hard and more work than just going to Let’s Encrypt.