Closed headerbidding closed 6 years ago
External JS or libs from SSPs are not the source of redirects. Redirects are coming from the winning ads rendered on the page. Some sneaky JS codes are hidden in the creatives and unfortunately there is no magic solution to avoid them. You should take a look to this long issue.
Thank you. This is good information! I have raised the bid floor to $1.00 for all bidders. I hope this will keep the bad guys away.
as of prebid 1.x, the referenced behavior (loading external JS by bidders) is not allowed.
Thank you. That's good to know!
I am having malvertising issues and just found this through a google search:
"Actually with header bidding each ad network can in theory execute any javascript they want even before they win or if they don't win at all. This is because most header bidding adapters execute at least some javascript from the ad network. See pulsepoint for example: https://github.com/prebid/Prebid.js/blob/fd7ae19b65da98599590914ee310157c66dd6780/src/adapters/pulsepoint.js#L12 It will always load and execute tag-st.contextweb.com/getjs.static.js no matter if they even bid. This javascript can then do a simple redirect of the top page."
Is this true?
From: https://www.reddit.com/r/adops/comments/6gimey/header_bidding_full_of_malware/