How do I fix VAST-2.0-mediafile-https?

Replace `http://` with `https://` in the ` ` URL.

VAST-2.0-mediafile-https: <MediaFile> URL uses HTTP instead of HTTPS

VAST-2.0-mediafile-https

<MediaFile> URL uses HTTP instead of HTTPS

InfoSecurityIAB VAST 2.0 §2.4.1VAST 2.0 and later (all versions)

Short answer

Modern browsers and CTV devices enforce mixed-content policies that block plain HTTP resources loaded from an HTTPS page. Serving media over HTTP will cause silent failures in most modern environments. Upgrade to HTTPS.

Why this matters in production

This rule is advisory rather than fatal, but it still matters for portability, debugging speed, and keeping tags predictable across different buyers and playback stacks. Security rules show up most often on mobile, CTV, and browser runtimes that enforce HTTPS, mixed-content blocking, or stricter asset loading than desktop test environments. Affected scope: VAST 2.0 and later (all versions).

How to fix

Replace http:// with https:// in the <MediaFile> URL.

Check your VAST tag for VAST-2.0-mediafile-https and other issues instantly.Validate a tag →

Other Security rules

VAST-2.0-tracking-httpsTracking or click URL uses HTTP instead of HTTPS VAST-2.0-url-emptyURL field is empty VAST-2.0-url-invalidURL field does not appear to be a valid URI

VAST-2.0-mediafile-https

Why this matters in production

Related docs

Other Security rules