A SIMID interactive resource served over HTTP

VAST 4.11 error1 warningSIMID-1.0-simid-url-https

The scenario

A brand ran an interactive shoppable CTV unit built with SIMID (the Secure Interactive Media Interface Definition that replaced VPAID) so viewers could browse products with their remote. The interactive layer is loaded by the player from a URL in the InteractiveCreativeFile.

The broken tag

<?xml version="1.0" encoding="UTF-8"?>
<!-- Fixture: SIMID InteractiveCreativeFile with http:// URL (must be https://)
     Expected rule: SIMID-1.0-simid-url-https (Error) -->
<VAST version="4.1">
  <Ad id="1">
    <InLine>
      <AdSystem>Test AdServer</AdSystem>
      <AdServingId>simid-http-test-01</AdServingId>
      <AdTitle>SIMID HTTP URL Test</AdTitle>
      <Impression><![CDATA[https://track.example.com/imp]]></Impression>
      <Creatives>
        <Creative id="1">
          <UniversalAdId idRegistry="ad-id.org">simid-http-01</UniversalAdId>
          <Linear>
            <Duration>00:00:30</Duration>
            <MediaFiles>
              <MediaFile delivery="progressive" type="video/mp4" width="1920" height="1080">
                <![CDATA[https://cdn.example.com/ad.mp4]]>
              </MediaFile>
              <!-- http:// URL will be blocked by mixed-content policies -->
              <InteractiveCreativeFile apiFramework="SIMID" type="text/html">
                <![CDATA[http://creative.example.com/simid.html]]>
              </InteractiveCreativeFile>
            </MediaFiles>
          </Linear>
        </Creative>
      </Creatives>
    </InLine>
  </Ad>
</VAST>

<?xml version="1.0" encoding="UTF-8"?>
<!-- Fixture: SIMID InteractiveCreativeFile with http:// URL (must be https://)
     Expected rule: SIMID-1.0-simid-url-https (Error) -->
<VAST version="4.1">
  <Ad id="1">
    <InLine>
      <AdSystem>Test AdServer</AdSystem>
      <AdServingId>simid-http-test-01</AdServingId>
      <AdTitle>SIMID HTTP URL Test</AdTitle>
      <Impression><![CDATA[https://track.example.com/imp]]></Impression>
      <Creatives>
        <Creative id="1">
          <UniversalAdId idRegistry="ad-id.org">simid-http-01</UniversalAdId>
          <Linear>
            <Duration>00:00:30</Duration>
            <MediaFiles>
              <MediaFile delivery="progressive" type="video/mp4" width="1920" height="1080">
                <![CDATA[https://cdn.example.com/ad.mp4]]>
              </MediaFile>
              <!-- http:// URL will be blocked by mixed-content policies -->
              <InteractiveCreativeFile apiFramework="SIMID" type="text/html">
                <![CDATA[http://creative.example.com/simid.html]]>
              </InteractiveCreativeFile>
            </MediaFiles>
          </Linear>
        </Creative>
      </Creatives>
    </InLine>
  </Ad>
</VAST>

What the validator reports

Running this tag through vastlint produces the following. The primary failure for this example:

errorSIMID-1.0-simid-url-httpsIAB SIMID 1.0 §3.1line 21

<InteractiveCreativeFile apiFramework="SIMID"> URL must use HTTPS — HTTP will be blocked in secure contexts

The same tag also surfaces these secondary findings — real tags rarely fail in isolation:

warningVAST-2.0-linear-tracking-quartilesIAB VAST 4.1 §3.14.2line 14

<Linear> has no standard quartile tracking events (start/firstQuartile/midpoint/thirdQuartile/complete) — ad will serve but measurement system receives no signal

infoVAST-4.1-mezzanine-recommendedIAB VAST 4.1 §3.9.2line 16

<MediaFiles> has no <Mezzanine> — ad-stitching servers may reject this tag in CTV/SSAI contexts

Why it breaks

The SIMID InteractiveCreativeFile points at an http:// URL. SIMID requires its interactive resources to be served over HTTPS — the whole point of the standard is a sandboxed, secure interactive layer. Modern players run inside secure contexts and refuse to load mixed (insecure) content, so an HTTP SIMID resource is blocked before it can initialize.

What it costs

The interactive experience simply never loads: the viewer sees the base video but none of the shoppable functionality the campaign paid a premium for, and the engagement metrics that justify the buy come back empty. Because the base MediaFile still plays, dashboards show delivery while the actual product — interactivity — is silently disabled.

The fix

Serve every SIMID resource (and all tracking and click URLs) over HTTPS. Host the interactive bundle on a TLS endpoint and update the InteractiveCreativeFile URL accordingly.

<InteractiveCreativeFile type="text/html" apiFramework="SIMID">
  <![CDATA[https://cdn.example.com/simid/shoppable.html]]>
</InteractiveCreativeFile>

<InteractiveCreativeFile type="text/html" apiFramework="SIMID">
  <![CDATA[https://cdn.example.com/simid/shoppable.html]]>
</InteractiveCreativeFile>

Check your own version of this tag

Paste the resolved XML to run the same spec check, test a live tag URL, or inspect the wrapper chain hop by hop.

Validate this XML →Test this live URL →Inspect this wrapper chain →

Related examples

A SIMID creative with no fallback <MediaFile> — VAST-2.0-linear-mediafiles
A SIMID InteractiveCreativeFile with no type — SIMID-1.0-simid-type-required
An <InteractiveCreativeFile> with no apiFramework — VAST-4.0-interactive-creative-no-api
A SIMID variableDuration with an invalid value — SIMID-1.0-simid-variable-duration-value