Processor features

Share secure signals with bidders (Beta)

For publishers

Publishers can share secure signals on RTB requests through Authorized Buyers, Open Bidding, and SDK Bidding with the third-party bidders they choose. These signals can be created through a signal collection script or adapter provided by a bidder or secure signal provider whom the publisher chooses.

The publisher is ultimately responsible for what information is contained in their chosen signals. The signals must be obfuscated before being sent to Google.

Secure signals will only be shared at the publisher’s explicit instruction and only with bidders the publisher has allowed to receive the signals. At no point will information contained in the signals be visible or readable by Google or its platforms.

Obfuscated data examples: 

  • Encrypting, hashing, or otherwise transforming data to a non-human readable format.
  • Any information that doesn’t include a self-describing component and is not recognizable as PII or structured data.

Non obfuscated data examples: 

  • PII in the clear. Examples: phone number, email address.
  • Structured data that makes otherwise “non-plain text” information understandable. Examples: .json, .xml files that provides an explanation of the data it contains.
Secure signals are subject to the Google Ad Manager Partner Guidelines. When you turn on secure signals, you acknowledge that you've reviewed and accepted the Ads Data Processing Terms.

In this article:

Allow secure signal sharing

Complete the following steps to allow secure signal sharing:

  1. Sign in to Google Ad Manager.
  2. Click Admin, then Global settings, and then Ad exchange account settings.
  3. In the "Secure signal sharing" section, click the toggle on On to allow secure signal sharing. To disable secure signal sharing, click the toggle off off disable.
  4. Click Save.

Share contact information (Optional)

You can select a contact to receive notices from Google about the Ads Data Processing Terms and EU General Data Protection Regulation. 

  1. Select the type of contact: Primary contact, EU representative, or Data Protection Officer. 
  2. Provide the following contact information:
    • Enter the contact’s name.
    • Enter the contact’s email address.
    • (Optional) Enter the contact’s phone number and address.
  3. Click Save.
Contact information is shared with Google and not directly with bidders.

Select allowed secure signals

Complete the following steps to select the secure signals to share with bidders: ​​​

  1. Sign in to Google Ad Manager.
  2. Click Inventory, then Secure signals. A table shows the secure signals you can share. 
  3. To share a secure signal, under "Enable app integration" or "Enable web integration," turn on the toggle On.
  4. For web integrations only, Google can deploy the signal collection script for you.
    Select Google deploy under "Signal collection deployment".
    Using this option only deploys the signal to your page from a location provided by the signal collector.
    If the signal collection script requires information or integration, work with your signal provider.
  5. Alternatively, deploy the signal collection script for an existing Prebid UserID module (Beta) .
    Under "Signal collection deployment", select Prebid UserID module (Beta) .
  6. Under "Secure signals settings," select Share to share secure signals on non-personalized (NPA) ad requests.
  7. Click Save.
If you're using a Content Security Policy (CSP), ensure the signals you select are allowed by the publisher. Google will load the vendor script from a URL provided by the provider. If the script requires any further integration for its correct operation, it is the publisher's responsibility. You should contact the vendor for additional information.

If you select the "Publisher deploy" option, you must deploy the signal collection script on your own. You should also contact the signal provider(s) directly to understand additional requirements or if issues arise.

Web signal deploy option Google actions Publisher actions
Publisher deploy None

Publisher is fully responsible:

  • To load the vendor’s script. 
  • For any integrations required for the script’s operation.
Google deploy

Google will load the script from a location shared by the provider. 

Google does not:

  • Validate the script in any way.
  • Perform any additional integrations.
The publisher is responsible for any additional integrations required for the script’s operation.
Prebid UserID module Google passes output of a Prebid UserID module(s) per configuration in the Ad Manager UI.

Prebid UserID module integration can be manually controlled by the publisher, or you can choose to automatically pass all Prebid UserID modules through secure signals.

To use auto-configuration:

  1. Select Inventory, then Secure signals.
  2. Select the checkbox "Use your Prebid configuration to automatically configure your Secure signals settings".
    This overrides any manual configurations set in Ad Manager for the secure signals that are detected in the Prebid UserID module.

When this toggle is turned on, you won't be able to use Ad Manager to individually control those secure signals.

Select bidders to share secure signals

To view and edit bidder groups, turn on View and Edit bidders permissions. By default, these permissions include the following user roles:

  • View bidders: admin, executive, trafficker, salesperson, and sales manager.
  • Edit bidders: admin, trafficker, salesperson, and sales manager.

To view and edit Secure signals, under Manage people, turn on Edit companies and contacts.

Share secure signals with all bidders

To allow secure signals to be shared with all bidders:

  1. Sign in to Google Ad Manager.
  2. Click Delivery, then Demand channel settings.
  3. Under the "Default settings" tab, click Secure signal sharing.
  4. Turn on the toggle for the desired demand channels.

Bidders can now receive the secure signals you share with them. The bidders must choose whether they want to receive a signal (from any publisher) when it's available.

Share secure signals with specific bidders

To allow or not allow secure signals to be shared with the bidders in an override group:

  1. Sign in to Google Ad Manager.
  2. Click Delivery, then Demand channel settings.
  3. Click Override groups, and then select an existing override group or create a new override group.
  4. In the override group settings, click Secure signal sharing, and then:
    • To allow secure signal sharing for the group, turn the toggle on On.
    • To not allow secure signal sharing for the group, turn the toggle off off disable.
      The setting applies to all bidders in the selected override group.
  5. Click Save.

Report on secure signals

Use the following dimensions to report on secure signals.

  • Secure signal presence Beta reports the presence of the secure signals in the ad request.
  • Secure signal delivery Beta reports if secure signals were sent to the bidder who won the impression.
  • Secure signal name (presented) Beta  reports the names of the secure signals sent in the ad request.
  • Secure signal name (delivered) Beta reports the names of the secure signals that were sent to the bidder who won the impression.

Learn more about report dimensions for secure signals.

Troubleshoot secure signals

Find out why secure signals aren't delivering. #securesignals

To ensure secure signals are being included in all eligible RTB ad requests, there are a number of troubleshooting steps possible.

Identify missing secure signal providers on requests

In Ad Manager reporting, use the appropriate "Demand channel" filter (Ad Exchange, Open Bidding or SDK Bidding) and combine with the "Secure signal name (presented)" or "Secure signal name (delivered)" dimensions to see which secure signal providers are being sent on ad requests. You can additionally use the "Date" and "Inventory types (expanded)" dimensions to help limit the focus of your report to a specific time period or environment.

Ensure secure signal delivery

Review your secure signals controls in Demand channel settings and ensure that any default settings or override groups align with your preferences. If default settings are toggled on for some or all demand channels, ensure there is not a conflicting setting in an override group that may be preventing some or all bidders from receiving the signal. 

In demand channel settings, you can also control whether Authorized Buyers can use bid request data to build user profiles for uses such as interest-based ads and remarketing.

For SDK Bidding specifically, learn how to ensure bidders can send their own signals by verifying your SDK Bidding setup.

Use Delivery tools or Ad inspector

In mobile app environments, you can verify signals are being passed using either Delivery tools or Ad inspector. If secure signals are missing, make sure that the ad units coded into the map exactly match the ad units in Google Ad Manager, because they are case sensitive. You can learn more about troubleshooting secure signals delivery in mobile app environments by reviewing the Verify your SDK Bidding setup and Inspect mobile app ad delivery articles.

Use Developer tools

In web environments, you can inspect a browser’s local storage to find if signals are present.

  1. In Chrome, click the ellipsis More, then More tools, and then < > Developer tools.
  2. Click the “Application” tab.
  3. Under the "Storage" pane and "Local storage", click the URL (like https://www.example.com). The site's local storage data displays.
  4. Identify the "Key" corresponding to the signal provider.
    It may be in the form of _GESPSK-<signal-provider.com>.
  5. If you see the desired signal(s) in the corresponding entry, the signal has been cached in the browser’s local storage and is being sent.

Consult with your secure signal provider

We recommend that publishers work with their secure signal provider(s) to ensure their implementation is healthy. Additionally, go through previous steps to manage errors and misconfigurations. Working with your secure signal provider directly ensures the script is loading and operating as expected.

How Google processes secure signals

When Google processes secure signals for Ad Manager it operates as a data processor under the General Data Protection Regulation and as a service provider under the California Privacy Rights Act, Virginia’s Consumer Data Protection Act, the Colorado Privacy Act, Connecticut’s Act Concerning Data Privacy and Online Monitoring, and the Utah Consumer Privacy Act. As such, Google processes secure signals on your behalf.

Security certifications

ISO 27001

ISO 27001 is one of the most widely recognized, internationally accepted independent security standards. Google has earned ISO 27001 certification for the systems, applications, people, technology, processes and data centers serving a number of Google products, including Google Ad Manager.

About GDPR

Keeping users’ information safe and secure is among our highest priorities at Google. Over the years, we've worked closely with Data Protection Authorities in Europe and have implemented strong privacy protections that reflect their guidance. We are committed to complying with the General Data Protection Regulation (GDPR) and will collaborate with partners throughout this process.

For the use of secure signals from publishers, we are offering the Google Ads Data Processing Terms, which you may review and accept in Ad Manager.

How to accept the Ads Data Processing Terms

When you turn on secure signal sharing, you acknowledge that secure signals is a processor feature and is subject to the Ads Data Processing Terms. Turning on secure signal sharing means that you have reviewed and agree to be bound by the Ads Data Processing Terms.

Was this helpful?

How can we improve it?
true
Release notes

Read about the latest Ad Manager features and Help Center updates.

See what's new

Search
Clear search
Close search
Google apps
Main menu