
HTTPS Results in 7% Google AdX Revenue Drop - thomasfromcdnjs
http://blog.rome2rio.com/2016/04/18/https-results-in-7-google-adx-revenue-drop/
======
Guest98123
I saw an instant 30% drop in revenue when switching my site to HTTPS in April.
The implementation was done right, A+ rating from ssllabs, Google reindexed my
main pages as HTTPS within a matter of hours, search traffic and overall
traffic remained unchanged.

I poked around on my AdSense account to see where I was losing the revenue,
since AdSense was still displaying the same number of impressions. It turned
out I was seeing a 75% drop in CPC impressions, and AdSense was running low
paying CPM impressions instead.

[http://i.imgur.com/acy2k0u.png](http://i.imgur.com/acy2k0u.png)

That's a graph of daily CPC impressions on my account. It's obvious when I
switched to HTTPS. That was over a month and a half ago. It hasn't bounced
back.

I'm faced with a difficult decision now; whether to go back to HTTP and inform
the community we're going to a less secure system for increased ad revenues,
or I need to accept a 30% drop in my yearly income, and hope the situation
improves as more networks switch to HTTPS.

~~~
brobinson
>whether to go back to HTTP

If you do this, be careful of the HSTS header. You'll want to remove this from
responses for a while before you flip everyone back to HTTP because their
browsers will refuse to send HTTP requests during the specified period or
until the next time they clear their browsing data.

If you don't have a lot of returning visitors, it matters less, but still
something to be aware of.

~~~
aussiegeek
Removing the HSTS header won't help, as your browser will store this data, and
IIRC it's not stored in cache, so clearing won't help.

You can however send the HSTS header with max-age=0 which will start clearing
it for existing users

~~~
brobinson
Good tip about max-age=0! I didn't realize you could do that.

------
adsAreAScourge
How does this work (economically)? Based on this subthread:
[https://news.ycombinator.com/item?id=11804689](https://news.ycombinator.com/item?id=11804689)
it seems that the mechanism is:

HTTPS site can't load resources over HTTP (due to security) -> only those
advertisers who support HTTPS can place bids for HTTPS-only sites (and not all
do) -> the smaller number of bids results in lower ad revenue

However, as also noted there, the advertisers who do support HTTPS should
preferentially bid for impressions on HTTPS-only sites, since the price per
view (or per click etc), is lower. Importantly, they should continue doing
this (raising the price of adverts on HTTPS-only pages, due to the increased
demand), until the price per click etc. is the same for HTTPS-only and
"normal" sites. Why does this not happen?

i) The simple model above is overly simplistic, and I don't actually
understand the situation,

ii) The marginal costs of serving HTTPS ads and HTTP ads are not the same
(though why would that be — the server overhead for HTTPS is marginal) or the
the revenue from HTTPS vs. HTTP ads is lower (but again, why?),

iii) The time-frame is too short(?),

iv) Advertisers are turning down free money (highly unlikely).

~~~
nitwit005
Isn't it simply a question of competition? If some advertisers can't support
HTTPS, that means there are fewer bidders for HTTPS content. That should
result in a lower price.

They are also bidding on what's presumably a shrinking pie of HTTP ad space.
If the volume available to buy has dropped considerably, that may also be
driving up the price of HTTP ad views.

~~~
eru
Yes. But this very effect should drive https adoption for the advertisers. The
grandparent comment was exactly wondering why this doesn't seem to be
happening (enough).

------
blubb-fish
I think this is b/c almost all ad tags are loaded via HTTP.

The browser won't hand over the refer(r)er information from HTTPS to HTTP!

This lack of information causes a lower valuation of the inventory b/c the
third-party ad networks (which are determined via AdX by an auction) don't
know what they are bidding for.

I'm not exactly sure about the precise causation but I think this is the
reason for that drop.

------
pixelcort
If this is true, then advertisers have a temporary incentive to support HTTPS:
it is currently relatively cheaper for them until more advertisers also
support HTTPS.

------
kbar13
can someone explain why ad networks seem to be lagging behind modern web best
practices? For example, terrible flash ads, ads that break the site they're
displayed on, lack of HTTPS, malware, etc? And also why a company with a
better engineering team hasn't been able to successfully take advantage of
these weaknesses and corner the market?

~~~
ojii
The venn diagram of people caring about web best practices and people running
adblockers is a circle, so there's no reason for ad networks to change
anything.

~~~
btown
To be fair, this ignores the thousands of software engineers in ad tech.

~~~
GauntletWizard
Having worked in ad tech, I didn't know anybody who wasn't running an
adblocker in their primary browser.

~~~
cpeterso
I heard that Google had to rename some CSS names on their ad management portal
(that understandably had names that began with "ad") to unbreak it when Google
customers using adblockers were trying to manage their own ad accounts.

------
wittedhaddock
HTTPS also increases the page load time, and there's plenty research that
shows the relationship between latency and CTRs.

I'd like to add a shameless plug by noting that I'm working on a project that
renders performance and security much of a false dichotomy within native iOS
applications. We hope to incentivize the capitalists in the room to secure
their applications by coincidence of making them faster. Caffeine:
[http://www.caffei.net/](http://www.caffei.net/)

------
jakozaur
Maybe a significant percentage of ad clicks are fraudulent and "more
sophisticated" technologies like https break malicious traffic? I couldn't
come up with alternative plausible explanation.

I believe this situation also shows weird dynamics with fighting adfraud. In
general too much fraud can crash ad click economy, but on micro scale a lot of
actors indirectly benefit from it so they don't have incentive to fight with
it strongly. Especially if most automated way of fighting bots will also
affect legitimate traffic (e.g. captcha for real users).

I would say real world analogy is oil prices and OPEC. Or more classical
analogy is prisoner's dilemma. Individual actor incentives are different than
best solution for the whole ecosystem.

~~~
phasmantistes
I don't think fraud is a driving cause here.

The real cause is downgrade protection. When your browser loads an HTTPS page,
it will refuse to load (or at least warn when loading) any other resources
over HTTP: js, css, iframes, etc.

This is to ensure that the icon you see in your URL bar is actually accurate:
if a page loads over HTTPS, but consists entirely of a single HTTP iframe,
that nice green lock is totally meaningless.

So when the OP switched their site to HTTPS-only, they lost the ability to
ever display any from HTTP-only bidders. So the set of people bidding on their
ad slots went down, the price went down, and their revenue went down.

~~~
dredmorbius
That is an excellent and counterintuitive but logically sound market-response
explanation for the behavior.

I'm trying to think of how Google can attempt remedying this, with the more
obvious options being to either increase the non-HTTPS search penalty, or
perhaps to buy up some of the ad stock itself.

------
stock_toaster
I read a while back that something like for every $3 in ad revenue, $1 of that
was fraud.

Maybe https is just breaking some fraud bots?

~~~
dhimes
I'm convinced that on what _I_ spend, the fraction is way more than 1/3; I
think it might be north of 2/3\. The clicks on and off the page are just way
too quick and consistently so for it to be a human. That said, I'm not sure
that's what's happening here.

~~~
ori_b
Au least on mobile, often I will accidentally hit an ad, and immediately back
out as soon as possible

~~~
dhimes
Yes- mobile is a disaster. I can't imagine anybody profitably advertising on
mobile. I've asked this group before and basically nobody has ever
deliberately clicked a mobile ad (one guy said he did once, iirc). I have a
hunch that the people making money off of these ads know this, too. It might
be good for branding, but in that case you should only consider CPM-- CPC is
your enemy here.

As I gear up for an advertising campaign, I'm looking pretty closely at
channels.

------
altitudinous
Has the same thing happened for ad revenue using Admob in iOS apps since Apple
made https communication the default? I have noticed a drop in revenue, but I
assumed it was just seasonal, maybe there is a technical reason. Cheers.

------
TheMagician0
This has influenced me on my prediction for
([http://www.metaculus.com/questions/164/](http://www.metaculus.com/questions/164/)).

------
danjc
Could some ad partners be holding out because http is getting them lower CPC
for their customers or am I misunderstanding something?

------
dimino
Wait, I don't get it.

The blog post explains what's happening but not the why. How could HTTPS
possibly lower ad revenue? What is the mechanism?

~~~
detaro
> _We learnt that not all advertisers that place bids through the Google ads
> system support HTTPS, resulting in fewer ad impression bids and lower
> overall ad revenue._

~~~
dimino
I'm sorry, but can you walk me there? I know _very_ little about how Google
ads work.

If I buy an ad from Google, I supply my own URL, which can be http or https,
and if my site is https it can't display the http ad?

~~~
pests
No, its that sites served over HTTPS won't show HTTP-only ads. Google
determines who gets the view based on a auction system. Limiting supply of ads
limits competitive bidding.

~~~
cpeterso
So Google does not serve the ads from its own servers? Google just runs the
programmatic auction and then lets the winning advertiser point to whatever
slow, non-HTTPS ad server they like? I guess once Google gets paid by the
auction winner, they don't care what happens next with the served ad. And
serving it from their own servers would just be an extra cost.

~~~
tombrossman
No, they don't actually serve all ads. I imagine they know not to pass off a
request from a HTTPS page to a HTTP-only server (mixed-content blocking would
give a near-100% failure rate) but here is an example of Google's Doubleclick
network being used to spread malware: [https://blog.malwarebytes.org/threat-
analysis/2014/09/google...](https://blog.malwarebytes.org/threat-
analysis/2014/09/googles-doubleclick-ad-network-abused-once-again-in-
malvertising-attacks/)

------
frik
Why not offer both, HTTP (default) and HTTPS. Many websites work like that
just fine.

------
mattbroekhuis
Is there a way to get around this through a proxy endpoint on your server?

