VAST-2.0-url-invalid: URL field does not appear to be a valid URI

Q: How do I fix VAST-2.0-url-invalid?

Ensure the URL includes a valid protocol (`https://`), has no unencoded spaces, and uses properly escaped special characters (e.g. `&` for `&`).

VAST-2.0-url-invalid

URL field does not appear to be a valid URI

WarningSecurityIAB VAST 2.0 §2VAST 2.0 and later (all versions)

Short answer

The value of a URL field does not conform to the URI syntax (RFC 3986). Common causes: unencoded spaces, missing protocol, or misplaced CDATA markers. The player may fail to fetch the resource.

Why this matters in production

This rule is a strong risk signal. Tags with this issue often still parse, but they become brittle across SDKs, SSAI resolvers, and CTV environments. Security rules show up most often on mobile, CTV, and browser runtimes that enforce HTTPS, mixed-content blocking, or stricter asset loading than desktop test environments. Affected scope: VAST 2.0 and later (all versions).

How to fix

Ensure the URL includes a valid protocol (https://), has no unencoded spaces, and uses properly escaped special characters (e.g. & for &).

Check your VAST tag for VAST-2.0-url-invalid and other issues instantly.Validate a tag →

Other Security rules

VAST-2.0-mediafile-https<MediaFile> URL uses HTTP instead of HTTPS VAST-2.0-tracking-httpsTracking or click URL uses HTTP instead of HTTPS VAST-2.0-url-emptyURL field is empty

VAST-2.0-url-invalid

Why this matters in production

Related docs

Other Security rules