Browser Security Standards

<img src="https://xyz.com/" alt="Sample Text" height="42" width="42">

• References to CSS resources: <link rel="stylesheet" type="text/css" href="https://xyz.com/...">
• References within CSS:
  body { background-image: url("https://xyz.com/abc.gif"); }
  .banner { background: url("https://xyz.com/banner.png");
  ul { list-style: square url(https://xyz.com/block.png);}

<video width="10" height="10" controls>
<source src="https://xyz.com/" type="video/mp4">
</video>

<audio controls>
<source src="https://xyz.com/" type="audio/mpeg">
</audio>

• Trading API, for single SKU and multiple variations & feeds:
  <PictureURL> https://xyz.com/ </PictureURL>
• Inventory API: "imageUrls": [ "https://xyz.com/" ]
• MIP: In the Product and Combined feed

eBay no longer supports active content in listing descriptions.

However, if any of the following tags are still present in listings and don't use secure HTTPS URLs, they may cause issues for Chrome users.

<script> (src attribute)
<iframe> (src attribute)
<form> (action attribute)
<embed> (src attribute)
XMLHTTPRequests loading insecure resources:
request.open("GET", "https://xyz.com/", true); request.send();

HTML 4 Tags

<applet codebase=url>
<area href=url>
<base href=url>
<blockquote cite=url>
<body background=url>
<del cite=url>
<form action=url>
<frame longdesc=url> ,<frame src=url>
<head profile=url>
<iframe longdesc=url> , <iframe src=url>
<img longdesc=url> , <img src=url> , <img usemap=url>
<input src=url> and <input usemap=url>
<ins cite=url>
<link href=url>
<object classid=url>, <object codebase=url> , <object data=url> , <object usemap=url>
<q cite=url>

HTML 5 Tags

<audio src=url>
<button formaction=url>
<command icon=url>
<embed src=url>
<html manifest=url>
<input formaction=url>
<source src=url>
<video poster=url> , <video src=url>

Complex URLs

<img srcset="url1 resolution1 url2 resolution2">
<source srcset="url1 resolution1 url2 resolution2">
<object archive=url> , <object archive="url1 url2 url3">
<applet archive=url> , <applet archive=url1,url2,url3>
<meta http-equiv="refresh" content="seconds; url">
<svg><image href="url"/></svg>

Starting in mid-October 2017, Google Chrome will begin displaying the message "Not secure" in the address window when users visit any page with HTTP content. To ensure buyers don't see this message when they visit your listings, eBay is changing how desktop users can view listings with noncompliant content. Starting in October 2017 for eBay.com and early 2018 for eBay.ca, listings with HTTP content will feature key snippets of the item description followed by a button to "See full item description", putting the complete item description just one click away. This experience is similar to how buyers already view listings on mobile.

No. Many eBay listings are already secure and will be unchanged. Only listings with non-secure content will feature the button to "See full item description."

Make sure both your listing descriptions and gallery images do not contain any non-secure, HTTP content by following the steps we've provided. If your listings are HTTPS compliant, they won't be impacted by this change and your item descriptions will fully display on the main page.

Update all active listings, scheduled listings, saved listing templates, description templates, and inventory you have not yet listed.

Only HTTP URLs in tags pulling content onto your listing or store will trigger these changes. Such content could include images, videos, audio, CSS URLs, and other content as described above.

Links to external sites are governed by the eBay links policy, but will not trigger any change.

eBay does plan to notify sellers whose listings feature non-secure content, but you should start following steps to make your listings compliant now ahead of October's change.

No, there will be no change to the mobile experience.

If you created Good 'Til Cancelled (GTC) listings or created your storefront before your provider updated their security protocol, your listings or eBay Store could still contain non-compliant content. Third-party providers list GTC listings the first time, and eBay automatically relists them, unchanged.

Contact your provider to learn how they can help you update older GTC listings, draft listings, listing templates, and storefronts.

No. Since June 2017, eBay does not allow active content such as JavaScript, Flash, plug-ins, and other similar programming methods in listings.

Externally hosted content such as photos and cascading style sheets (CSS) are deemed "passive" content and are still allowed in listings. They will not trigger the Google "Not secure" message or hidden description as long as they are delivered using the secure HTTPS transfer protocol.

Your content will likely show up as a broken image or video. Contact your domain to make sure they are HTTPS compliant or remove HTTP content altogether.

No, we do not plan to block listings with noncompliant content.

Buyers will see the same item description snippet and "See full item description" button regardless of which browser they use.

There will be no changes to the mobile experience, which within the mobile experience already features key snippets of item descriptions regardless of mobile browser.

The same View Item description summary feature available within the mobile experience today will apply to the desktop experience. Learn more about adding the summary feature within your description.

The full item description should appear on your listing within a few hours of your listing becoming compliant.

Active content was used by many sellers to provide interactivity, animation, or video via the use of JavaScript, Flash, plug-ins, or form actions in listings. Since June 2017, eBay no longer renders active content, and recommends alternatives.

HTTP is a communications protocol used to access pages on the internet. HTTPS (the 'S' stands for 'Secure') ensures that all of your communication over the network is encrypted and secure. Browsers like Chrome are mandating stronger HTTPS standards, and eBay is supporting this initiative. eBay pages are HTTPS, and we are requiring our sellers to link only to HTTPS pages beginning this October (for eBay.com listings) or early 2018 (for eBay.ca listings). Sellers who do not switch to the HTTPS protocol before the deadlines above will have their item description hidden behind a button so that buyers do not see the "Not secure" warning when they view the page.

To ensure that your item description and images display properly, ask your hosting provider or third-party partner to support HTTPS and update listing templates or descriptions accordingly. For optimized display on both desktop and mobile, we recommend that you upload your images to eBay.

Off-eBay links, email addresses, and phone numbers are not permitted on the item description page, in titles, or on other eBay pages. Even if you remove active content and comply with the HTTPS protocol, they are still not permitted. eBay may take a range of actions for sellers who violate our Offers to buy or sell outside of eBay policy.

Your listing should update without the button within a few hours of becoming compliant. If it's still hidden after that, make sure you review the gallery images you submit to eBay, as those images must also be HTTPS-compliant.

For now, use the bulk editing functionality, or the find and replace feature if you list on eBay.com. We are exploring options to make this easier for you in the future.

Yes, but if you want to check more than one item ID, you will need to register a new i-ways account for every eBay account you want to check. If you'd simply like to check item IDs from different accounts, you can do that easily with the item ID checker tool within i-ways without signing up for an i-ways account.

If you see the "See full item description" button before February 2018, you could be using a link from another listing or from outside of eBay that uses an HTTPS prefix and leads to one of your eBay item pages that contains non-secure content. This can be resolved by removing or updating the non-secure content in your listings.