SSL Testing FAQ

This applies to DSPs.


When switching to secure creatives for ATS compliance on iOS 9, we recommend the following steps to test your SSL creatives:

  1. Check that your bidder is reading the secure flag:
    • Open RTB 2.3:
  2. Check that your bidder is responding with secure creatives when the secure flag = 1
  3. Ensure that all URLs in your creative use https rather than http.
  4. Click URLs and landing pages do not need to be https, but please ensure there are no redirects in your click URLs that make a transition from https to http or http to https, as this is not considered secure.
  5. Test your creatives through the testing process to ensure that the ads render, and click through and that all click and impression trackers are firing. NOTE: You may have to reach out to your account team to enable your account for Native and Video testing.
    • NOTE: If you are testing SSL creatives on Android, please use this Android APK, which includes SSL support, instead of the SDK linked in step 4b of the testing page.
  6. Make sure to test creatives of all sizes and formats including VAST, MRAID and Native on both iOS and Android
  7. When SSL traffic begins to ramp up, check that your performance metrics (clear rates, clickthrough rate, conversion rate, etc.) are in line with what you saw before the transition to SSL

This article applies to all demand partners and vendors. As you prepare your bidder to send secure creatives to comply with iOS9 ATS requirements, please review the following FAQ.


What changes need to be made to the bid response to be SSL compliant?

The creative (including references to 3rd party vendor tags) and all trackers must be secure. It is okay to redirect to non-SSL landing pages however redirects from HTTPs to HTTP prohibited. Please use a full https chain or only leverage an http click URL.

The following trackers should be secure:

  • RTB 2.3: imptrackers

What happens if I don’t update to secure creatives?

We are working with publishers to disable ATS so that their apps will continue to accept non-secure responses properly. However, over time, there will be less inventory available to non-secure responses as publishers adopt ATS.

What happens if my imptracker is not secure?

If you are responding with a non-secure imptracker to a request where secure=1, you run the risk of not having the imptracker fire properly.

What happens with MRAID vendors and other 3rd party creative vendors?

We are working with vendors and encouraging them to transition to a secure buying method. However, it is the responsibility of DSPs to work with their creative vendors to ensure secure creative content.

If my ad markup is from a 3rd party vendor – how will this impact the creative?

The 3rd party vendor must support SSL and provide secure creative.

Should I assign a new Creative ID for SSL compliant creatives?

Yes – we strongly recommend you use difference Creative ID for SSL compliant creatives for easy troubleshooting.

When do I begin seeing SSL bid requests?

All MoPub inventory now includes a secure flag in the RTB bid request (RTB 2.3: By November 18th, partners should be responding to any request with a secure flag equal to 1 with secure creatives.

What happens if I serve an SSL ad to a request with a false secure flag?

Assuming all SSL certificates are valid, the ad will run in auctions normally.

What if some of the third-party tracking URLs do not use https://?

The creative will not render correctly. Until you confirm that all vendors you work with are SSL-compliant, refrain from dynamic insertion of third-party tracking URLs. We recommend testing creatives with the MoPub Sample Demo App prior to serving on the exchange.

Last updated May 18, 2020

TWITTER, MOPUB, and the Bird logo are trademarks of Twitter, Inc. or its affiliates. All third party logos and trademarks included are the property of their respective owners.

© 2020 MoPub (a division of Twitter, Inc.)