Google actively works with trusted advertisers and partners to help prevent malware in ads. All publishers and ad networks should follow the security recommendations detailed at https://anti-malvertising.withgoogle.com/.
Google's proprietary technology and malware detection tools are used to regularly scan all creatives. Fourth-party calls or sub-syndication to any uncertified advertisers or vendors are forbidden. Any ad distributing malware is pulled to protect users from harm. Any Authorized buyer whose creative is found to contain malware is subject to a minimum three-month suspension. If you have a creative under policy violation, learn how to resolve it.
Learn more about unwanted ads issues in Ad Exchange, how to avoid malware, or how to report abuse and illegal activity.
Creatives that trigger automatic-redirects or pop-ups
Auto-redirects are a form of malvertising that automatically click and unexpectedly take users to another site in a user’s browser or mobile app when rendered. Similarly, pop-ups are a form of malvertising that render system dialog boxes over the website enticing the user to click.
Google prohibits this behavior and is constantly improving detection and enforcement. The large majority of Ad Exchange and Google demand uses technical solutions to stop this malicious creative activity in Chrome, the Mobile Ads SDK, and other platforms.
Other exchanges, networks, and partners transacted through header bidding and remnant or reservation line items might not have the same policies and protections. Ensure that your demand sources have adequate policies to prohibit and protect against this behavior.
SafeFrame automatic protections enabled
SafeFrame is turned on by default for all reservation creatives. This may break some creatives, and those creatives may require updating to display properly. While it is possible to turn off the SafeFrame feature, we highly recommend keeping it turned on.
SafeFrame is automatically enabled for all backfill creatives, and sandboxing is also enabled for browsers that support it.
For enhanced security, you may choose to use the setSafeFrameConfig and the setForceSafeFrame methods in the GPT API. These methods are used to override the configuration set in Ad Manager and force ads in a specific slot to always render in a SafeFrame. If you implement these methods, it is important to set up your reservation creatives with SafeFrame in mind.
Creative that loads a blank or white page
When an ad is clicked or tapped, it should open the target destination. If a blank or white page is loaded instead, it can be caused by the following issues:
- The URL automatically redirects the user. Auto-redirects are a form of malvertising that automatically click and unexpectedly take users to another site in a user’s browser or mobile app when rendered. Google prohibits this behavior. Learn more about automatic redirects and malvertising.
- The landing page domain may be affected by malware. Google actively works with trusted advertisers and partners to help prevent malware in ads. All publishers and ad networks should follow the security recommendations detailed at https://anti-malvertising.withgoogle.com/.
You can also review the tips on the Google Developers' page, "How do I know if my site is hacked?" Additionally, third-party sites, such as Sucuri and PCRisk may be able to detect the issue.
Report a violation from a Google exchange or network
If you see an automatic redirect or pop-up from AdWords, AdSense, or Ad Exchange, contact publisher support with a recorded HTTP log of the redirect behavior, required for investigation.
Publisher support teams cannot investigate creatives from third-party exchanges or networks.