Google Ads doesn't support HTTPS. What alternatives are there?

Question

It's pretty well known that Google Ads doesn't support HTTPS, but since I store my user's session in a bearer token/cookie I feel the need to encrypt this information... at a minimum so I can protect my end users from being hacked.

What are my choices? I'm sure someone has come across this before. Ideas that may work include

• Changing how I do website membership
• Using something else other than AdSense (MSN?, anyone else)
• Complaining to Google that I can't track my users if AdSense is on
• Finding a different way to monetize my site (aka changing my business model)

Answer 1

What happens if you use this URL for calling adsense

https://pagead2.googleadservices.com/pagead/show_ads.js

Instead of

http://pagead2.googlesyndication.com/pagead/show_ads.js

?

Looks like it's delivering the same script, you just have to check if it can retrieve your page content to deliver contextual ads.

This is undocumented. Just adding "s" in the classic URL gives a certificate error because the domain of the certificate is *.googleadservices.com, hence the final URL i propose. This is of course untested, but I'm curious to know if it could work.

EDIT: The content is delivered but I can't see if I get any warning because the certificate on my test website in not trusted: https://uandco.net/

EDIT: I'm now using a real certificate on the same URL but browsers are complaining about unsecured items. This is because the adsense script, even when called from its https URL, generates unsecured http calls to other scripts and iframes.

Answer 2

The answer I have utilised for a client's website is to move from AdSense to DoubleClick for Publishers Small Businesses. This is another Google run system and even if you don't use it to manage advertising campaigns, it falls back to your AdSense account to serve up adverts.

Google provides the code for you, but it uses a "catch-all" insertion of it's code that operates regardless of HTTPS or HTTP.

<script type='text/javascript'>
    (function() {
        var useSSL = 'https:' == document.location.protocol;
        var src = (useSSL ? 'https:' : 'http:') +
            '//www.googletagservices.com/tag/js/gpt.js';
        document.write('<scr' + 'ipt src="' + src + '"></scr' + 'ipt>');
   })();
</script>

Source: http://support.google.com/dfp_sb/bin/answer.py?hl=en&answer=143694