Control Ad Injections with PerimeterX

Ad injections are unauthorized advertisements that are injected into web pages with the intention to get users to click on them. Users who click on the injected ads are usually redirected to other sites before eventually reaching their target page.

Ad injections can come from several sources such as browser extensions, ad networks and malware. These browser extensions and ad injectors are plugins that the shopper has downloaded and now run on their web browser. These plugins can be downloaded on browsers like Google Chrome, Safari and Firefox. Most ad injecting browser extensions are available for free because their developer’s intent is to include unwanted software that injects ads, to monetize them.

Injected ads are frequently smart in that they seek out existing, legitimate ad space on a webpage and replace or overlay the original ad. However, some injected ads can also inject JavaScript code directly on the site onto webpages that have user write-access such as a product or check-out page. This means any user that visits the webpage in the future will experience the changes previously made on the page.

Ad injections have been a challenge for website owners since the late 2000s, and even the Google Chrome web store has been unable to control their widespread growth. Up to 20% of your website users could be impacted by unwanted browser extensions, ad injections and malware that alter their user experience and damage your conversion rates, online revenue and brand reputation. In recent years, ad injection companies have started ad networks to cash in on unsuspecting users who click on deceptive ads. This can create a vicious cycle with users unknowingly installing more malware and adware that will inject even more unwanted ads. Ad injections are growing in sophistication, with triggers that inject ads only on specific e-commerce websites or only when a user performs a specific operation. User clicks generate big amounts of fraudulent ad revenue, so the ad injection problem is unlikely to subside anytime soon.

Because ad injections are only seen by the visitor, not by the site owner, combating them is difficult. There are some websites that attempt to limit the impact of injected ads using Content Security Policies (CSP). But the effectiveness of this is limited since CSPs are a moving target and require constant updating and monitoring.