What is the Site Tag and why do I need it?

TrafficGuard's PPC Protection relies on user behaviour analysis based on data collected by its site tag

What is the Site tag?

The Site tag is a JavaScript tagging framework and API that allows the collection and transmission of client-side information to TrafficGuard's verification products.

Most PPC protection solutions have just one source of data to base their invalidation decisions on - the click data they receive from Google Ads.

As well as this Google Ads data, TrafficGuard’s Site tag collects an important supplementary source of information from user engagement with your site after the user has clicked through from an ad. This is a demonstration of TrafficGuard’s full funnel approach - looking not just at a single ad engagement, but user behavioural analysis (UBA) beyond that point to inform verification. UBA is an established and necessary part of cybersecurity frameworks for the effective detection and prevention of all types of fraud and invalid traffic.

What does this enable?
  • Stronger defence against invalid traffic: TrafficGuard’s invalidation is based on what it sees from Google Ads click data, as well as the way users interact with your site. This enables it to invalidate traffic that is sophisticated enough to evade detection from the click alone.
  • More reliable invalidation: Because invalidation is based on more data points, fraud prevention is more reliable.
  • Prevention of false-positive invalidation: User behaviour data collected by our Site tag fuels TrafficGuard’s proprietary propensity to convert algorithm. This ensures that IPs and placements that send valid traffic aren’t excluded from your campaigns and false-positives aren’t able to impact your campaigns.
  • Better visibility of quality: Some traffic can be valid but still detrimental to your overall performance. For example, through TrafficGuard’s behavioural reporting some clients have found users that habitually navigate to their website through advertising. Rather than their ad spend helping to attract net-new customers, it is showing ads to existing, returning customers. Through TrafficGuard, these clients are able to better direct this spend to attract more new customers. The behavioural reporting in TrafficGuard comprises the data collected by the Site tag.

Legacy PPC protection vendors that don’t require a site tag to be placed on your site are missing a vital piece of the validation process. Typically, with outsourced platform development, they don’t have the expertise or the technical foundation to create and utilise a site tag. As a team of engineers and data scientists, TrafficGuard has been built with key verification and cybersecurity methodologies from the outset enabling us to collect and analyse user behaviour to strengthen your PPC protection.

With the additional data processing of our approach, TrafficGuard is a premium fraud prevention solution. Legacy vendors are typically focussed on providing the cheapest solution, rather than the most effective.

What does the Site tag do?

The Site tag collects data from user engagement with your site allowing TrafficGuard to see what happens after an ad is clicked. Did the user navigate through the site in the expected way? Did they bounce off? Did engagement follow a pattern consistent with programmed behaviours? This process, known as User Behaviour Analytics (UBA), is an established and necessary part of cybersecurity frameworks for the effective detection and prevention of all types of fraud and invalid traffic. UBA enables TrafficGuard to identify patterns of website engagement that indicate unusual or anomalous behaviour.

TrafficGuard is not a one-size-fits-all solution. UBA enables TrafficGuard to define what invalid traffic looks like to your business specifically. By analysing the behaviour of all your traffic, TrafficGuard derives a profile of expected or normal behaviour. The scale and frequency of deviation from that norm informs invalidation.

What can be invalidated without the Site tag?
If your PPC protection solution does not receive any signal from your site via either a Site tag or another client-side integration, the types of invalid traffic it can detect are limited.

With just the data from Google Ads, the invalid traffic that can be detected is only that which declares itself as non-human in the header. That includes data center traffic, some bots and crawlers and non browser user agent headers. However, this information is easily spoofed which means solutions that don’t collect the behavioural signal are easily evaded by more sophisticated tactics.

What can be invalidated with the Site tag?
By collecting behavioural data with the Site tag, TrafficGuard has far more data to use to determine whether an ad engagement is valid or invalid. This helps to identify the following:

  • Botnets or data center traffic masquerading as legitimate devices - Botnets are networks of devices that are coordinated remotely via malware to generate invalid traffic. Because each engagement originates from a distinct device, with just the Google Ads click data, botnet traffic looks like legitimate traffic. This traffic can be purchased online as another way for publishers to inflate their audiences; a way for competitors to exhaust your ad budgets; or a variety of other sabotage tactics.
  • Competitors or other sabotage - this activity is executed either as bots masquerading as legitimate users or incentivised human ad engagement. This is not something that can be determined without information from the user on your site
  • Crowdsourcing & incentivised ads - usually publisher-generated invalid clicks where the site’s audience is encouraged to show their support by clicking ads or are otherwise incentivised to click an ad with a reward. These tactics help publishers inflate the advertising engagement of their site to increase their own advertising revenue. This type of invalid traffic can only be detected by identifying patterns of ad engagement coupled with behaviour analysis to determine levels of intent.
  • Other sophisticated and unknown tactics - the nature of ad fraud is that it is constantly evolving. Sophisticated tactics can spoof the data Google Ads collects which is why it is important to collect data from engagement with your site.

The role of the Site tag in false-positive prevention

False-positive invalidation is when genuine traffic is prevented from seeing your ads because the IP or placement has been mistakenly identified as invalid. Many of our clients have cited false-positive prevention as a key reason for choosing TrafficGuard over our competitors. False-positives can be just as detrimental to campaign performance as invalid traffic itself.

In order to mitigate false-positives, TrafficGuard uses a proprietary propensity to convert algorithm which, fuelled by behavioural data collected by the Site tag, ensures that IPs or placements sending genuine traffic are not excluded.

This ensures your ads are not blocked from displaying to your target audience.

Site tag latency and performance

TrafficGuard’s Site tag javascript framework is distributed asynchronously via a high performance and ultra-low-latency global network. The library is constantly optimised to balance capability and transfer/evaluation time and is minified to ensure lower byte-size without decompression overhead. 

The Site tag will have a minimal impact on your page loading speed and end-user experience.

Through numerous performance analysis sampled on an array of devices and browsers, the TrafficGuard Site tag has performed far better than common advertising tags, such as the Facebook pixel.

For cases where a site needs to prioritise page speed over fraud detection the tag can be loaded with <script defer> in order to ensure it is not evaluated until after page load. The down side of this may be a discrepancy in reporting for short clicks.


The TrafficGuard Site tag does not collect Personally Identifiable Information (PII) or sensitive information. Data is secure and end-user privacy is maintained.

To protect user privacy, TrafficGuard policies mandate that no data be passed to TrafficGuard that TrafficGuard could use or recognise as personally identifiable information (PII). PII includes, but is not limited to, information such as email addresses, personal mobile numbers, and social security numbers.

The Site tag stores and accesses information on the end-users device either through your current consent mechanisms where they exist or through our legal right and legitimate interest for the detection and prevention of fraud. TrafficGuard does not collect information that Website visitors and users enter into search boxes and form fields.

All data transmitted to the TrafficGuard platform is done so in a secure and encrypted manner. All data collected and profiles generated are anonymised and are only used for the purpose of measurement, verification and the prevention of fraudulent or invalid activity.