[acqq]

> Given the dozens of redirects and pixel injections and iframes slapped into a media page, it's nearly impossible to serve secure traffic since it only takes one network to downgrade the https request to http and then the page is "broken".

You mean, then the specific ad is broken, as long as its ad router isn't fixed to use https?

[fein]

Ever worked with affiliate ad funnels before? Everything looks like it was coded by the bosses 14 year old son. Pages served under https containing tracking pixels under http, iframes sourcing http endpoints, various obscure analytics setups without any semblance of ssl...

And when all your impression pixels are refused because of insecure content warnings (because your server is serving over https), your impressions stats dive harder than a lead zeppelin.

What's broken is the total lack of standardization for any of these companies, which makes sense given that most of these guys are slinging diet pills and brain supplements to the LCD; Great devs don't usually gravitate to industries like that.

[wlesieutre]

Right, the browser gives you an "Only secure content is displayed" notice and the page works fine.