Prevent malware in ad content

Google actively works with trusted advertisers and partners to help prevent malware in ads. All publishers and ad networks should follow the security recommendations detailed at

Google's proprietary technology and malware detection tools are used to regularly scan all creatives. Fourth-party calls or sub-syndication to any uncertified advertisers or vendors are forbidden. Any ad distributing malware is pulled to protect users from harm. Any Authorized buyer whose creative is found to contain malware is subject to a minimum three-month suspension. If you have a creative under policy violation, learn how to resolve it.

Creatives that trigger automatic-redirects or pop-ups

Auto-redirects are a form of malvertising that automatically click and unexpectedly take users to another site in a user’s browser or mobile app when rendered. Similarly, pop-ups are a form of malvertising that render system dialog boxes over the website enticing the user to click.

Google prohibits this behavior and is constantly improving detection and enforcement. The large majority of Ad Exchange and Google demand uses technical solutions to stop this malicious creative activity in Chrome, the Mobile Ads SDK, and other platforms.

Other exchanges, networks, and partners transacted through header bidding and remnant or reservation line items might not have the same policies and protections. Ensure that your demand sources have adequate policies to prohibit and protect against this behavior.

SafeFrame automatic protections enabled

SafeFrame is turned on by default for all reservation creatives. This may break some creatives, and those creatives may require updating to display properly. While it is possible to disable the SafeFrame feature, we highly recommend keeping it turned on.

SafeFrame is automatically enabled for all backfill creatives, and sandboxing is also enabled for browsers that support it.

For enhanced security, you may choose to use the setSafeFrameConfig and the setForceSafeFrame methods in the GPT API. These methods are used to override the configuration set in Ad Manager and force ads in a specific slot to always render in a SafeFrame. If you implement these methods, it is important to set up your reservation creatives with SafeFrame in mind.

If you implement third party JavaScript libraries to integrate non-Google demand onto your pages, be aware that some of these libraries will circumvent Google's malware protections by rendering their content in friendly frames.

Report a violation from a Google exchange or network

If you see an automatic redirect or pop-up from AdWords, AdSense, or Ad Exchange, contact publisher support with a recorded HTTP log of the redirect behavior, required for investigation.

Publisher support teams cannot investigate creatives from third-party exchanges or networks.

Was this helpful?
How can we improve it?