How do I fix the VPAID error "VPAID-url-not-https"?

Change the VPAID script URL to HTTPS. If migrating to SIMID, the URL must also be HTTPS.

VPAID-url-not-https

VPAID script URL must be HTTPS

ErrorSecurityIAB VPAID 2.0 §3.1, IAB VAST 4.0 §2.3

The VPAID script URL inside a element is HTTP, not HTTPS. Modern browsers block mixed-content loads — an HTTP script on an HTTPS page will not execute. Most programmatic environments and publishers also enforce HTTPS at the ad server level. An HTTP VPAID URL will result in a blank ad slot on most inventory.

Why this matters in production

Treat this as a hard compatibility failure. A VPAID rule that rises to error level is usually the difference between a runnable creative and a blank slot. Security issues are usually enforced by the runtime rather than the ad server. That means they often look fine in XML review and then fail when the player tries to load the script.

How to fix

Change the VPAID script URL to HTTPS. If migrating to SIMID, the <InteractiveCreativeFile> URL must also be HTTPS.

Invalid

<MediaFile delivery="progressive" type="application/javascript"
           apiFramework="VPAID" width="1280" height="720">
  <![CDATA[http://example.com/vpaid.js]]>
</MediaFile>

Valid

<MediaFile delivery="progressive" type="application/javascript"
           apiFramework="VPAID" width="1280" height="720">
  <![CDATA[https://example.com/vpaid.js]]>
</MediaFile>

Check your VAST tag for VPAID-url-not-https and other issues instantly.Validate a tag →

Other Security rules

VPAID-ssai-incompatibleVPAID is incompatible with SSAI (server-side ad insertion)

← All VPAID rules SIMID rules (migration target) →

VPAID-url-not-https

Why this matters in production

Related docs

Other Security rules