I poked around on my AdSense account to see where I was losing the revenue, since AdSense was still displaying the same number of impressions. It turned out I was seeing a 75% drop in CPC impressions, and AdSense was running low-paying CPM impressions instead.
That's a graph of daily CPC impressions on my account. It's obvious when I switched to HTTPS. That was over a month and a half ago. It hasn't bounced back.
I'm faced with a difficult decision now: whether to go back to HTTP and inform the community we're going to a less secure system for increased ad revenues, or to accept a 30% drop in my yearly income and hope the situation improves as more networks switch to HTTPS.
If you do this, be careful of the HSTS header. You'll want to remove this from responses for a while before you flip everyone back to HTTP because their browsers will refuse to send HTTP requests during the specified period or until the next time they clear their browsing data.
If you don't have a lot of returning visitors, it matters less, but still something to be aware of.
You can, however, send the HSTS header with max-age=0, which will start clearing it for existing users.
Google is big but not the only one.
The only way to bridge that gap really is expertise or consulting; typical website owners will have neither unless they are very large (think Alexa top 1000).
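The rollback timing described in the two comments above, as an added example that is not part of the thread: it parses a `Strict-Transport-Security` value and works out when a returning visitor and a non-returning visitor stop being forced onto HTTPS. The header values, dates and function names are constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def parse_hsts(value):
    """Parse a Strict-Transport-Security header value into its directives."""
    policy = {"max_age": None, "include_subdomains": False}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        name = name.strip().lower()        # directive names are case-insensitive
        arg = arg.strip().strip('"')       # the value may be a quoted string
        if name == "max-age":
            if not (arg.isascii() and arg.isdigit()):
                raise ValueError(f"bad max-age: {arg!r}")
            policy["max_age"] = int(arg)
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
    if policy["max_age"] is None:
        raise ValueError("max-age directive is required")
    return policy

def pin_expiry(header, received_at):
    """Time at which a browser that stored this header stops forcing HTTPS."""
    return received_at + timedelta(seconds=parse_hsts(header)["max_age"])

def earliest_safe_http(old_header, last_served_old):
    """Worst case: a visitor who got the old header on its last day and never
    came back over HTTPS to receive max-age=0 keeps the pin until it expires."""
    return pin_expiry(old_header, last_served_old)

# Constructed rollout timeline (dates and header values are sample data).
OLD_HEADER = "max-age=31536000; includeSubDomains"
CLEAR_HEADER = "max-age=0"
LAST_SERVED_OLD = datetime(2015, 6, 1, tzinfo=timezone.utc)
RETURN_VISIT = datetime(2015, 6, 10, tzinfo=timezone.utc)

if __name__ == "__main__":
    print("returning visitor cleared at:", pin_expiry(CLEAR_HEADER, RETURN_VISIT))
    print("non-returning visitor pinned until:",
          earliest_safe_http(OLD_HEADER, LAST_SERVED_OLD))
```

The gap between the two results is why the `max-age=0` header has to be served over HTTPS for a while before the redirect to HTTP goes live.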
HTTPS site can't load resources over HTTP (due to security) -> only those advertisers who support HTTPS can place bids for HTTPS-only sites (and not all do) -> the smaller number of bids results in lower ad revenue
However, as also noted there, the advertisers who do support HTTPS should preferentially bid for impressions on HTTPS-only sites, since the price per view (or per click etc), is lower. Importantly, they should continue doing this (raising the price of adverts on HTTPS-only pages, due to the increased demand), until the price per click etc. is the same for HTTPS-only and "normal" sites. Why does this not happen?
i) The simple model above is overly simplistic, and I don't actually understand the situation,
ii) The marginal costs of serving HTTPS ads and HTTP ads are not the same (though why would that be — the server overhead for HTTPS is marginal) or the revenue from HTTPS vs. HTTP ads is lower (but again, why?),
iii) The time-frame is too short(?),
iv) Advertisers are turning down free money (highly unlikely).
> iv) Advertisers are turning down free money (highly unlikely).
One explanation: You are modeling advertisers' behavior similar to a control system having integral gain and/or bandwidth higher than the timeframe of the disturbance (HTTPS adoption rate). In practice, it may be that the market's optimization is using only proportional gain and/or lower bandwidth. Such a system merely reduces the impact of differing market sizes for HTTPS support, without eliminating it, or perhaps takes more time to eliminate it.
They are also bidding on what's presumably a shrinking pie of HTTP ad space. If the volume available to buy has dropped considerably, that may also be driving up the price of HTTP ad views.
The browser won't hand over the refer(r)er information from HTTPS to HTTP!
This lack of information causes a lower valuation of the inventory b/c the third-party ad networks (which are determined via AdX by an auction) don't know what they are bidding for.
I'm not exactly sure about the precise causation but I think this is the reason for that drop.
Frankly, the people in the agency world making the kinds of decisions about which ad network to use are not the most tech-savvy people. They're typically two or three layers removed from anyone who actually understands the difference between HTTP and HTTPS. Until that changes (hint: not for another 20-30 years when the current crop of middle-aged account executives is retired or dead) then ad networks won't receive any major pushback from the people who are their largest, most reliable customers.
Even if every person in the agency world understood the harm of poorly made ad units tomorrow it would still take ages for any changes to occur because of existing relationships and contracts.
More likely concentric circles.
* I've worked in adtech for years and now currently run my own company where we do this right.
Sites that use the ad networks to manage their advertising inventory are probably not going to go with a network that provides a better end-user experience, if it means the network doesn't have enough ads to fill the inventory or they're lower CPM -- if they have a significant interest in quality end-user experience, they're likely going to manage their inventory themselves.
> For example, terrible flash ads, ads that break the site they're displayed on, lack of HTTPS, malware
Advertisers love Flash ads, love ads that take over the whole damn site, don't care about HTTPS, and would like to have every page view counted with about 70 different beacon services -- that's going to be way slower if you have to negotiate a different TLS session for each. Advertisers serving malware would like to serve it, clearly. An ad network needs advertisers, so there you go.
Also, an ad network needs to make sure they can show an ad every time one is requested, so they'll backfill with other ad networks if they have to -- hard to maintain quality in that case. (Although personally, when I was involved in a website making money with ads, I was a lot happier with not showing an ad (and just moving the rest of the content up) when there was no quality ad available -- unseemly ads make my page feel unseemly; not all sites have the luxury to make that decision though.)
All of these seem like things that while bad, will make them more money. Not like things they don't have the know-how to move over from...
I'd like to add a shameless plug by noting that I'm working on a project that renders performance and security much of a false dichotomy within native iOS applications. We hope to incentivize the capitalists in the room to secure their applications by coincidence of making them faster.
I believe this situation also shows weird dynamics with fighting ad fraud. In general, too much fraud can crash the ad click economy, but on a micro scale a lot of actors indirectly benefit from it, so they don't have an incentive to fight it strongly. Especially if most automated ways of fighting bots will also affect legitimate traffic (e.g. captcha for real users).
I would say a real-world analogy is oil prices and OPEC. Or a more classical analogy is the prisoner's dilemma. Individual actor incentives are different from the best solution for the whole ecosystem.
The real cause is downgrade protection. When your browser loads an HTTPS page, it will refuse to load (or at least warn when loading) any other resources over HTTP: js, css, iframes, etc.
This is to ensure that the icon you see in your URL bar is actually accurate: if a page loads over HTTPS, but consists entirely of a single HTTP iframe, that nice green lock is totally meaningless.
So when the OP switched their site to HTTPS-only, they lost the ability to ever display any ads from HTTP-only bidders. So the set of people bidding on their ad slots went down, the price went down, and their revenue went down.
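The mixed-content rule described in the comment above, as an added example that is not part of the thread: a scanner that lists the HTTP subresources an HTTPS page would lose. The split into "blocked" and "warned" tags follows the usual active/passive distinction and is an assumption here; the sample page and hostnames are constructed.

```python
from html.parser import HTMLParser

# Assumed split: tags that can script or frame the page are refused outright,
# media tags are loaded with a warning (the "or at least warn" case).
BLOCKED = {("script", "src"), ("iframe", "src"), ("link", "href"),
           ("object", "data"), ("embed", "src")}
WARNED = {("img", "src"), ("audio", "src"), ("video", "src")}

class MixedContentScanner(HTMLParser):
    """Collects (severity, tag, url) for subresources fetched over plain HTTP."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        rel = (dict(attrs).get("rel") or "").lower()
        for name, value in attrs:
            if not value or not value.strip().lower().startswith("http://"):
                continue  # https://, protocol-relative and relative URLs are fine
            if (tag, name) in BLOCKED:
                # <link> only fetches a subresource when it is a stylesheet
                if tag == "link" and "stylesheet" not in rel:
                    continue
                self.findings.append(("blocked", tag, value))
            elif (tag, name) in WARNED:
                self.findings.append(("warned", tag, value))
            # <a href="http://..."> is navigation, not a subresource: ignored

def scan(html):
    scanner = MixedContentScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings

# Constructed sample of a page served over HTTPS with third-party ad tags.
PAGE = """
<link rel="canonical" href="http://site.example/">
<script src="https://cdn.example/app.js"></script>
<script src="http://ads.example/show.js"></script>
<iframe src="http://bidder.example/slot"></iframe>
<img src="http://img.example/banner.png" />
<script src="//static.example/lib.js"></script>
<a href="http://other.example/">link</a>
"""

if __name__ == "__main__":
    for severity, tag, url in scan(PAGE):
        print(f"{severity:8} <{tag}> {url}")
```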
I'm trying to think of how Google can attempt remedying this, with the more obvious options being to either increase the non-HTTPS search penalty, or perhaps to buy up some of the ad stock itself.
Maybe HTTPS is just breaking some fraud bots?
As I gear up for an advertising campaign, I'm looking pretty closely at channels.
The blog post explains what's happening but not the why. How could HTTPS possibly lower ad revenue? What is the mechanism?
If I buy an ad from Google, I supply my own URL, which can be http or https, and if my site is https it can't display the http ad?
It would be interesting to see this broken down from the advertiser side.