Google Ad Exchange policies and enforcement

This guide is intended to provide answers to commonly asked questions and share the framework of Ad Exchange policy enforcement. The information presented here does not, in any way, change the actual policies, which are available at You can also access the Ad Exchange policies from the Program Guidelines link located in the footer of the application.

Automated creative review

Ad Exchange reserves the right to conduct automated creative reviews in order to maintain the quality of ads on the exchange. While this does not change the Ad Exchange guidelines, creatives that don't meet our policies will be paused until corrected. The most common issues are: destination URL not working, flash cookies, raw IP addresses, missing or broken click macros, invalid 4th party calls, undeclared or incorrect landing page, customer creative ID misuse, non certified vendors, and creative download sizes.

Content and creatives

Ad Exchange reserves the right to disapprove ads in breach of the content and creative policies outlined in the Google Ads Advertising Policies and to suspend entire accounts for certain violations. If you have any questions about the violations, please contact your account team.


  • Animation length
  • Ads must remain static after 30 seconds
  • Creatives may not exceed a 150K initial load. The total download cannot exceed 5MB.
  • Maximum frame rate
  • All creatives must open in new windows. The target window for the click-through URL must be set to "_blank" so the click-through will open in a new window. Do not leave the target statement undeclared
  • Trafficking errors, e.g. the destination URL matching where the user is sent,, and leads to a parked domain
  • Blank ads - each trafficked ad must contain a creative; rendering blank creatives is not acceptable
  • Click-to-call ads - currently not supported

Please refer to the full content guidelines outlined in the Google Ads Advertising Policies, as well as the Requirements for third-party ad serving.

If a client’s ad is disapproved under these circumstances, they will be required to make the necessary compliance changes and resubmit their ads for review.

In addition to the above policies, Ad Exchange has the following policy on family safe status:

Google assigns a family status to all ads to make sure that ads are shown to an appropriate audience. Products that are considered to have "non-family safe" status cannot currently be run on Ad Exchange.

We continue to review this status and reserve the right to change this policy for Ad Exchange.

Data and third-party ad serving

Data and third-party ad serving includes the following topics.

Declaration of third and fourth-party calls

All third- and fourth-party calls must be declared. This includes:

  • Redirects or server-to-server callouts.
  • Redirects or callouts to any technology, including ad servers, rich-media servers, tracking technologies, or verification technologies.


  • The technology is issued by a single buyer on Ad Exchange solely for their own use and is not licensed to any third parties
  • The technology is an approved technology vendor

No fifth-party calls are allowed. You cannot have an ad on Ad Exchange that calls a third-party ad server that calls another third-party ad server (fourth-party call) that calls another third-party ad server (fifth-party call).

Policy for third and fourth-party calls

Refer to the requirements for third-party ad serving, under third-party ad serving for a complete list of policy requirements.

Data collection

You may use a cookie, web beacon, or other tracking mechanism to collect anonymous traffic data for purposes of aggregated reach, frequency and/or conversion reporting, provided you use a certified third party vendor for this purpose. Collecting impression-level data via cookies or other mechanisms for purposes of subsequent re-targeting, interest category categorization or personalization, or syndication to other parties on Google Display Network inventory is prohibited. This restriction does not apply to click- or conversion-level data.

You may not associate cookies, web beacons, or other tracking mechanisms with personally-identifiable information (PII) for any purpose or with precise user location for behavior targeting unless the user has knowingly and expressly opted in. For purposes of this document, PII and precise user location does not include IP addresses.

You will not, and will not assist or knowingly permit any third party, to set a cookie, or alter or delete a cookie set, on any Google owned and operated domains, including, without limitation, on a DoubleClick domain.

You must display a prominent privacy policy with an option for users to persistently opt out of any cookie, web beacon, or other tracking mechanism set by you for data collection.

You can see a list of approved technology vendors who perform data collection, by searching for a research vendor type.


An ad served by a buyer for an advertiser contains a tracking URL, collecting user data to be used with subsequent campaigns. For example, using the pixel below, the vendor "", needs to be declared in the ad:

If the vendor is not available on the list of declarable vendors, it is either white-listed on the approved technology vendors list or not allowed under any circumstances.

Flash cookies and other locally shared objects

Flash cookies and other locally shared object (LSO) technologies are not allowed on Ad Exchange.

Flash cookies & local storage

Flash cookies are defined as any locally shared object (LSO) technologies (including, but not limited to, flash cookies, browser helper objects, or HTML5 localStorage) for behavioral advertising, ad delivery, reporting, and/or multi-site advertising.


A flash banner is served that sets a .lso file;  the banner writes data about the page the user was on, the products displayed in the banner, and makes a backup of the user’s web cookie data. Users cannot easily or transparently block LSO objects, and it is against Google policies to gather ad serving data from an ad impression.

Please refer to the Requirements for third-party ad serving, under third-party ad serving.


Malware is not accepted or tolerated within any Google product including Ad Exchange. Google verifies any creatives directly uploaded into Ad Exchange, or follows the third-party redirect for malware or viruses through proprietary systems.

Malware violations are not accepted or tolerated within any Google product, including Ad Exchange. Google reviews creatives or the third-party redirect uploaded in the service. Learn more about What Google does to prevent malware.

Given Ad Exchange's relationship with third-parties, however, there is the possibility that a buyer on Ad Exchange, either in their system or through a call-out from their system, may have a policy violation or introduce malware or viruses to Ad Exchange. Any buyer that intentionally violates policy or actively uploads malware or viruses directly into Ad Exchange will be immediately and permanently terminated. For those using external calls, Google will attempt to detect any such activity and suspend the associated creative or call-out. Should a violation be detected, Google's policy toward the buyer is as follows in the Enforcement section.

Click macros

Buyers that serve ads from a third-party are required to use a Google click macro in their tags. This allows clicks to be reported back to Google, which can then share them with publishers. Click macros are also used to protect inventory by detecting invalid clicks and impressions. All certified vendors and tags have been tested to support the Google click macro.

Learn more about the different macros and their implementation.

Responsible ad tracking

Buyers should work with their advertising partners to minimize the use of 3rd and 4th party tracking, such that campaign goals are met, without significantly affecting the User experience. For example, don’t include more than one hundred fourth party calls in a single creative, as this results in increased latency, and a poor user experience.

Did this answer your question?