fbpx
FIND OUT MORE

Google Shopping SSL Requirements

When you’re looking to get started with Google Shopping it is essential to consider Google’s requirements for an SSL. As a rule of thumb, if you’re collecting any personal information, then an SSL is required. This becomes more pressing when a checkout and PCI compliance come into play. However, in this instance, we’ll focus on Google Shopping SSL requirements.

Google Shopping SSL requirements

In Google’s shopping policies, they explicitly state a section regarding irresponsible data collection and use, which is definitely worth looking at if you’re a merchant. To cover off key points:

Examples of irresponsible data collection and use: Obtaining the following data over non-secure SSL (https://) server connections:

  • Username or email in combination with passwords
  • Credit and debit card numbers
  • Bank and investment account numbers
  • Other account numbers
  • Bank transfer numbers
  • National identity, pension details, national insurance number, tax ID, NHS or driving licence number

This means that you can be penalised in both Google Search and Advertiser networks by not displaying an SSL on site. We would advise all site owners to make their site secure to avoid this, regardless of if you’re a merchant or not.

Types of SSL certificate

When our clients buy a certificate, they commonly ask “which one should I buy?”.
There are several different types of certificate that Types of SSLcan be purchased, namely a basic domain validation certificate and an EV certificate. We suggest that merchants should purchase the EV certificate. An EV or Extended Validation Certificate is a public key certificate that requires verification by requesting the entity’s identity via a certificate authority. EV certificates are mainly presented by web servers to web browsers for use with SSL/TLS connections.

Checking if your SSL certificate is valid

When you have your certificate in place, you need to ensure it is correctly installed. We can do this by using tools on two sites.

The first check is a basic check where we look for;

  • Server Name Indication – dedicated IP
  • Valid Certificate

We do this via a site called digicertif your certificate is configured correctly, you’ll get a list of ticks which is great!

The next check is a little more comprehensive and looks for;

  • 2048 Bit Key
  • TLS V1.2
  • Grade B or better
  • Complete chains
  • No TLS or any related vulnerabilities
  • Matching exact website URL’s
  • Certificate Transparency

This can be validated on ssllabs.comThis check takes a few minutes to complete, but should give you complete peace of mind.

Checks before submitting a feed

Before submitting your product feed to the merchant centre, is is best to ensure the following are checked;

  1. Check that all buttons point to https both internally and externally
  2. Fresh certificate – not near expiry date
  3. Website is able to be crawled by Google
  4. Make sure all content is loaded under https
  5. Test your checkout in several browsers
  6. Check that landing pages respond with a 200 code rather than any server errors

 

If you follow this guide and your product feed is set up correctly, your products should be approved. This means you’ll be able to set up Google Shopping Campaigns and drive additional revenue! For more information on SSL certificates, please get in touch.

No Comments

Leave a Reply

%d bloggers like this: