Avoiding The Google Ads Two-Click Penalty

The "two-click penalty" describes a change Google applies when their systems detect a high likelihood of a false click occurring on a display ad. Google require a user to confirm that they intended a click before allowing the ad's destination to load. This change can have a catastrophic effect on ad revenue for an affected publisher.

Why does Google apply this penalty?

Google applies this penalty when there's a high risk of accidental clicks happening on ads. This can be due to ads being too close to content (especially links/buttons), ads moving to appear in the user's focus when they are trying to click something else (late-loading interstitials), or ads being disguised to look like content. The penalty may also be applied if Google detects a high level of ad fraud on a site (bots clicking ads).

In most of the above examples, it's possible for users to have clicked the ad unit, but believe they're getting something else - either attempting to click a link next to an ad unit, or in the most common example, attempting to scroll the page on a mobile device when a late-loading ad "jumps" into place and they click that instead. As it's an accidental click, the user will typically hit the back button very quickly. This leads to high bounce rates for the advertiser, making the clicks worth nothing to them, and ultimately lowering the price which Google can charge for the slot. By applying this penalty, Google attempts to ensure that any time an ad is clicked on, it's reasonably safe to assume that the click was intentional.

This penalty is usually applied to sites with very high numbers of impressions (> 10 million ad impressions a month, majority programmatic), but can be applied to sites of any size, should the infractions be detected there in high enough volume.

What does the penalty look like for a user?

When an ad is clicked, instead of going to the ad's clickthrough URL, the user is asked to confirm that they intended to click on the ad.

Two-Click Penalty example

This second step in practice has the effect of drastically lowering successful clicks on an ad, collapsing the revenue a site is seeing. This penalty is applied globally, to all ad slots on the affected network. If an ad unit is too close to a nav element, for example, leading to a lot of accidental clicks, leaderboards, MPUs, and all ad slots on the site will have the penalty applied, even if they have sufficient space around them to not trigger accidental clicks.

While this eliminates any fraudulent clicks, it also lowers significantly legitimate clicks. Numerous studies have shown that users don't respond well to unexpected behaviour, so clicking an enticing ad image, only to be given another interaction prompt (rather than going to the site) can cause many users to suspect something suspicious is going on, and not click again.

How do I know if my site has been affected?

Google do not provide any notification or means of knowing if your site is suffering from this penalty. This is because - despite it being known colloquially as a "penalty" - Google do not actually consider this a penalty, but a "view site" optimisation. This is rather unhelpfully impossible to google to find meaningful results!

The ways we typically find out if a site has been impacted are:

  • a significant and sudden drop in ad revenue, particularly from programmatic sources, while visitor numbers remain roughly the same. A sharp decrease in impressions, and a huge fall-off in clicks and revenue happening with no code changes to the site are a good indication that this penalty is being applied.
  • anecdotal reports from users. Sites who get this penalty and have an active social media presence will often get screenshots sent to them from suspicious users, asking if the behaviour is expected, or see it themselves when accessing the site.

Even when a site has this penalty applied, not every user will see it, and even those who do, may not see it consistently. This makes it very difficult to definitively say when a site has been impacted, and, after changes have been applied, when it has been removed. In this case, the best cure is prevention, so the goal is to protect ourselves by building sites which are not likely to be hit by the penalty.

How can I avoid getting hit with this penalty?

Google provide a list of ad placement guidelines which list the broad things to avoid when laying out a website. While there are a number of behavioural guidelines to follow (don't show ads next to text saying "click here to help us out", or put ads in exit popups), the key parts to focus on are the placement of the ads adjacent to site content.

The simplest, most effective protections can be summarised as:

  • Keep ads in containers with distinct "Advertisement" labels.
  • Make the backgrounds of these containers contrast with the site background, so there's no chance that they're mistaken for site content.
  • Ensure there's adequate spacing between the ads and content on all sides. This is generally not a problem for ads on things like home pages and category pages, but the spacing around dynamically-inserted ads like mid-article ad units can easily be forgotten, so a complete audit of ad spacing should be done at the end of each build phase.
  • Avoid ads close to key navigation elements. Things like mobile banner ads sticking underneath a sticky header are a very good way to get accidental clicks, and so should be avoided.

Before and after examples are included below for reference - one in a desktop "category"-style grid, and one in the mobile device, mid-articlem case.

HDesktop mid-cagegory ad example
Mobile mid-article ad example

The Two-Click Penalty can have a catastrophic impact on business, and can take some time to reverse. If you're in a position to implement the above guidelines during the build phase of a new site, it will hopefully save you a lot of heartache down the line!


CyberWiseCon 2025 Speaker

CyberWiseCon 2025

In May 2025, I'll be giving a talk at CyberWiseCon 2025 in Vilnius, Lithuania. From selling 10 Downing St, to moving the Eiffel Tower to Dublin, this talk covers real-world examples of unconventional ways to stop scrapers, phishers, and content thieves. You'll gain practical insights to protect assets, outsmart bad actors, and avoid the mistakes we made along the way!

Get your ticket now and I'll see you there!


Share This Article

Related Articles


Lazy loading background images to improve load time performance

Lazy loading of images helps to radically speed up initial page load. Rich site designs often call for background images, which can't be lazily loaded in the same way. How can we keep our designs, while optimising for a fast initial load?

Using Google Sheets as a RESTful JSON API

Save time by not building backends for simple CRUD apps. Use Google Sheets as both a free backend and JSON API endpoint!

Serverless caching and proxying with Cloudflare Workers

Using Cloudflare Workers we can quickly build an effective API proxy, without spinning up any additional hardware. Whether its needing a CORS proxy, speeding up slow APIs via caching, or rate limit management on stingy APIs, this serverless tech is as easy to set up as it is powerful.

Idempotency - what is it, and how can it help our Laravel APIs?

Idempotency is a critical concept to be aware of when building robust APIs, and is baked into the SDKs of companies like Stripe, Paypal, Shopify, and Amazon. But what exactly is idempotency? And how can we easily add support for it to our Laravel APIs?

Calculating rolling averages with Laravel Collections

Rolling averages are perfect for smoothing out time-series data, helping you to gain insight from noisy graphs and tables. This new package adds first-class support to Laravel Collections for rolling average calculation.

More