VAST-2.0-tracking-https: Tracking or click URL uses HTTP instead of HTTPS

Q: How do I fix VAST-2.0-tracking-https?

Replace `http://` with `https://` in all tracking and click-through URLs.

VAST-2.0-tracking-https

Tracking or click URL uses HTTP instead of HTTPS

InfoSecurityIAB VAST 2.0 §2VAST 2.0 and later (all versions)

Short answer

Tracking and click-through URLs served over plain HTTP will be blocked in mixed-content environments. This means impressions and events go unreported. Upgrade all tracking URLs to HTTPS.

Why this matters in production

This rule is advisory rather than fatal, but it still matters for portability, debugging speed, and keeping tags predictable across different buyers and playback stacks. Security rules show up most often on mobile, CTV, and browser runtimes that enforce HTTPS, mixed-content blocking, or stricter asset loading than desktop test environments. Affected scope: VAST 2.0 and later (all versions).

How to fix

Replace http:// with https:// in all tracking and click-through URLs.

Check your VAST tag for VAST-2.0-tracking-https and other issues instantly.Validate a tag →

Other Security rules

VAST-2.0-mediafile-https<MediaFile> URL uses HTTP instead of HTTPS VAST-2.0-url-emptyURL field is empty VAST-2.0-url-invalidURL field does not appear to be a valid URI

VAST-2.0-tracking-https

Why this matters in production

Related docs

Other Security rules