Google Shopping SSL Requirements
When you’re looking to get started with Google Shopping, it is essential to consider Google’s requirements for an SSL certificate. As a rule of thumb, if you’re collecting any personal information, then an SSL certificate is required. This becomes more pressing when a checkout and PCI compliance come into play. However, in this instance, we’ll focus on Google Shopping SSL requirements.
Google’s shopping policies include a section on irresponsible data collection and use, which is definitely worth looking at if you’re a merchant. To cover off the key points:
Examples of irresponsible data collection and use: Obtaining the following data over non-secure SSL (https://) server connections:
- Username or email in combination with passwords
- Credit and debit card numbers
- Bank and investment account numbers
- Other account numbers
- Bank transfer numbers
- National identity, pension details, national insurance number, tax ID, NHS or driving licence number
This means that you can be penalised in both Google Search and Advertiser networks for not having an SSL certificate on your site. We would advise all site owners to make their site secure to avoid this, regardless of whether you’re a merchant or not.
Types of SSL certificate
When our clients buy a certificate, they commonly ask “which one should I buy?”.
There are several different types of certificate that can be purchased, namely a basic domain validation certificate and an EV certificate. We suggest that merchants should purchase the EV certificate. An EV or Extended Validation Certificate is a public key certificate that is issued only after a certificate authority has verified the identity of the entity requesting it. EV certificates are mainly presented by web servers to web browsers for use with SSL/TLS connections.
Checking if your SSL certificate is valid
When you have your certificate in place, you need to ensure it is correctly installed. We can do this by using tools on two sites.
The first check is a basic check where we look for:
- Server Name Indication – dedicated IP
- Valid Certificate
We do this via a site called DigiCert. If your certificate is configured correctly, you’ll get a list of ticks, which is great!
The next check is a little more comprehensive and looks for:
- 2048 Bit Key
- TLS V1.2
- Grade B or better
- Complete chains
- No TLS or any related vulnerabilities
- Matching exact website URLs
- Certificate Transparency
This can be validated on ssllabs.com. This check takes a few minutes to complete, but should give you complete peace of mind.
Checks before submitting a feed
Before submitting your product feed to the merchant centre, it is best to ensure the following are checked:
- Check that all buttons point to https both internally and externally
- Fresh certificate – not near expiry date
- Website is able to be crawled by Google
- Make sure all content is loaded under https
- Test your checkout in several browsers
- Check that landing pages respond with a 200 code rather than any server errors
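The https-only and certificate-expiry items in the list above can be scripted rather than checked by eye. The Python below is an added example, not part of the original article; the sample page, the placeholder hosts shop.example and pay.example, and all function names are constructed for illustration.

```python
import socket
import ssl
import time
from html.parser import HTMLParser

URL_ATTRS = {"href", "src", "action"}  # attributes that load content or send the shopper somewhere

# Constructed sample landing page (shop.example / pay.example are placeholder hosts)
SAMPLE_PAGE = """
<img src="http://shop.example/img/shoe.jpg">
<script src="https://shop.example/js/cart.js"></script>
<a class="button" href="http://shop.example/basket">Add to basket</a>
<a class="button" href="/checkout">Checkout</a>
<form action="HTTP://pay.example/submit" method="post"></form>
"""

class InsecureRefFinder(HTMLParser):
    """Collects (tag, attribute, url) for every reference that uses plain http://."""
    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in URL_ATTRS and value and value.strip().lower().startswith("http://"):
                self.found.append((tag, name, value.strip()))

def insecure_refs(html):
    """Return buttons, forms and resources on a page that are not served over https."""
    finder = InsecureRefFinder()
    finder.feed(html)
    return finder.found

def days_until_expiry(not_after, now=None):
    """not_after is the 'notAfter' string from ssl.SSLSocket.getpeercert()."""
    expires = ssl.cert_time_to_seconds(not_after)
    now = time.time() if now is None else now
    return int((expires - now) // 86400)  # negative once the certificate has expired

def check_live(host, port=443, timeout=10):
    """Network check: the handshake fails on an invalid chain or hostname mismatch."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.version(), days_until_expiry(tls.getpeercert()["notAfter"])

if __name__ == "__main__":
    for tag, attr, url in insecure_refs(SAMPLE_PAGE):
        print(f"insecure <{tag} {attr}>: {url}")
```

`check_live` needs network access and returns the negotiated TLS version together with the days left on the certificate; run it against your own storefront hostname.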
If you follow this guide and your product feed is set up correctly, your products should be approved. This means you’ll be able to set up Google Shopping Campaigns and drive additional revenue! For more information on SSL certificates, please get in touch.