Google AdWords requires an SSL certificate?

If you run a online business, you are sure to use Google AdWords. Perhaps this is one of the main traffic sources on your site, so the last message you want to see is "Your account has been suspended ...". And yet, you can expect it if your site is not SSL-secured.

What sites need SSL?

Google AdWords requires an SSL certificate for pages where all numbers are collected, including credit cards, bank accounts, transfers, IDs, health insurance number, etc. So if your website includes a site where such data is collected, such as checkout page, you should have SSL deployed.

Since when is such a policy?

Google cares about the security of the Internet seriously and is consistent in it. We see how different stages of the solutions are being implemented. We all know the rules of Chrome since January 2017.

The obligation to have SSL for businesses using AdWords is not new, but it is still poorly recognized. This policy was announced on the AdWords blog as early as in May 2011.

Is SSL necessary for all types of AdWords ads?

Since the principle of SSL for sites with checkout pages is valid from 2011, how is it that it is not commonly known? In other words, how advertisers are not using the certificate and still run the campaign?

The basic principles of AdWords in the "Account management and security" section are clear:

According to AdWords rules, websites that send certain personal and financial information must use SSL connections. - support.google.com

There is no distinction between forms of AdWords advertising, which means that this applies to all types.

In practice though ...

The SSL certificate requirement, however, is not enforced. With one exception, Product Listing Ads, known as PLA, or Google Shopping. Here the system is restrictive and automatically suspends your account for "Irrelevant collection and use of data". This is probably because the PLA always advertise ecommerce sites, which in turn always have login pages, etc., which ensures that the SSL certificate should be implemented.

What will Google do?

As we mentioned, Google is consistent in implementing security rules. Even if it currently controls SSL only for Product Listing Ads, this does not mean that it will not begin to verify pages for other types of campaigns. We can be sure that it will eventually do so. Perhaps Chrome-related activities are a prelude to the form of preparing advertisers to implement the protocol.

What certificate is sufficient?

The choice of certificates is very wide and prices range from a few dozen to a few thousand USD. However, if you just want to go through Google AdWords (and Chrome) verification, you just need the simplest SSL validation (Domain Validation) certificate. If your site is on a domain and subdomain, and wherever you collect sensitive data, you can save by choosing a Wildcard. If you have multiple domains in turn use Multidomain. In all cases DV validation is sufficient.