While we and our ad partners do our best to make sure all advertisements are SSL-compatible, an occasional bad egg slips through the cracks in review. Unfortunately, all it takes is one insecure request to break that pretty green secure lock in the address bar and possibly compromise your site's security. Luckily, there's a solution - setting a Content Security Policy.
A Content Security Policy, or CSP, can tell the web browser what to do when it runs into an insecure request. We recommend setting a CSP of "block-all-mixed-content" so that the web browser will automatically ignore any parts of an advertisement that attempt to load insecurely. This way you'll get a green secure logo and the ad simply won't render. While this isn't ideal, it's certainly preferred to a broken site.
So how do you enable this CSP? There are 2 ways:
- Preferred: Send an HTTP response header of "Content-Security-Policy: block-all-mixed-content" from your server. We recommend asking your tech person to set this up. If you happen to be running the Mediavine Control Panel plugin, you can enable the setting "Block Insecure Assets," which will set this up automatically for you.
- If you don't have access to your server, such as with a hosted platform like Blogger, Squarespace, etc., the next best alternative is to set a meta tag. You can do this by putting the following code anywhere between your
<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content" />
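To confirm that either method took effect, the check below looks for the directive in a page's response headers and meta tags and lists the insecure loads it would stop. It is an added example, not Mediavine's code; the function names, sample page and example.com/example.net URLs are constructed for illustration.

```python
from html.parser import HTMLParser
DIRECTIVE = "block-all-mixed-content"

def policy_has_directive(value, directive=DIRECTIVE):
    """True if any policy in a CSP value carries the directive.
    Policies are comma-separated; directives inside one are semicolon-separated."""
    for policy in value.split(","):
        for item in policy.split(";"):
            tokens = item.split()
            if tokens and tokens[0].lower() == directive:
                return True
    return False

class PageScan(HTMLParser):
    """Collects CSP meta tags and http:// subresource URLs from a page."""
    def __init__(self):
        super().__init__()
        self.meta_policies, self.insecure = [], []
    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "meta" and a.get("http-equiv", "").lower() == "content-security-policy":
            self.meta_policies.append(a.get("content", ""))
        url = a.get("src", "")  # img, script, iframe, ...
        if tag == "link" and "stylesheet" in a.get("rel", "").lower():
            url = a.get("href", "")  # <a href> is navigation, not a subresource
        if url.lower().startswith("http://"):
            self.insecure.append(url)

def audit(headers, html):
    """Report where the directive is set and which static loads are insecure."""
    scan = PageScan()
    scan.feed(html)
    header = next((v for k, v in headers.items()
                   if k.lower() == "content-security-policy"), "")
    return {"header": policy_has_directive(header),
            "meta": any(policy_has_directive(p) for p in scan.meta_policies),
            "insecure_urls": scan.insecure}

# Constructed sample: the meta tag from this article plus one insecure ad image.
SAMPLE_HEADERS = {"Content-Type": "text/html"}
SAMPLE_HTML = """<html><head>
<meta http-equiv="Content-Security-Policy" content="block-all-mixed-content" />
<link rel="stylesheet" href="https://example.com/site.css">
</head><body><a href="http://example.com/about">About</a>
<img src="http://ads.example.net/banner.png">
<script src="https://example.com/app.js"></script></body></html>"""

if __name__ == "__main__":
    print(audit(SAMPLE_HEADERS, SAMPLE_HTML))
```

The scan only sees URLs present in the static HTML; requests that an ad script makes at runtime are reported by the browser's developer console instead.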