We’ve migrated our documentation to a new site, which means some URLs have changed.
Audience

3rd Party JavaScript Tags

We regularly receive requests to support both 3rd party ad and adserver JavaScript tags. Our development team analyses the tags and builds specific support for these 3rd party platforms. 

Often we hear that a more efficient approach would be to simply allow arbitrary JavaScript content. It is easier for us (we just support one edit box), and easier for you as you don't have to wait for us to implement support.

However, we have deliberately decided not to do this, and this page hopefully provides you with the rationale behind this decision.

Validation

Other than basic syntax checks, it is not possible to validate whether an arbitrary tag actually works in production. Cxense Support has seen many cases where an advertiser has supplied a broken tag and our tools have caught it (we helped fix the tag given the imminent campaign launches).

If our platform didn't perform validation, the broken tag would only be discovered if someone diligent (e.g. your publisher) noticed it and was able to give you enough information to determine which ad it was (remembering that the script is broken so there isn't necessarily an image or any other identifying information to track it down).

Rendering

The creative may not render correctly in the publisher's site e.g. wrap poorly in the confines of the ad space or return content unsuitable for the device such as a flash ad on an iPhone.

Delivery Tracking

We currently register an impression when we return the ad in a response. This is inaccurate if the user's browser doesn't support flash or has ad block turned on as we erroneously count that as an impression. However, in the CPA stream we will integrate with our CDN to pull data for content delivery and feed that into statistics.

Since the arbitrary tag is opaque (we have no idea what resources it uses) we cannot track delivery in this case.

Click Tracking

We cannot guarantee that the tag will pass through a click, so this has an impact on:

  1. Statistics. Clicks, CTR, acquisition costs etc could potentially be incomplete / inaccurate.

  2. Auction CTR (the smoothed CTR the adserver uses to predict the likelihood of a click) is not reliable. Missing clicks will result in the ad being penalised in the auction. This is most relevant for yield ranking models (e.g. CPC) but will be implemented shortly inError rendering macro 'jira' : com.atlassian.confluence.macro.MacroExecutionException: javax.net.ssl.SSLHandshakeException: sun.security.validator.ValidatorException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target for CPM too.

  3. CPA is less effective for this advertisement (penalising it in the auction) since we cannot reliably detect that us showing the impression triggered the conversion path.

External Networks

An agency could paste in a tag from a 3rd party network such as AppNexus or AdX. This allows advertisers to gain access to inventory via a cheaper 3rd party network which devalues your premium inventory and reduces your revenue.

Editorial Issues

Since we have no control or validation over the creative, it could return inappropriate content such as adult material or extremist views.

Malvertising

Malvertising is the delivery of malicious advertisements via publisher sites and is a significant problem as the NY Times discovered. Some additional reading can be found at this AdMonster's article.

XSS

XSS or Cross-site scripting is vulnerability that allows external code to run with the privileges of the hosting site and can be used to steal cookies, login date etc. If your publishers do not take care when rendering the arbitrary JavaScript (such as wrapping it in an iframe from a different domain), it is easy for them to be exposed to these vulnerabilities.

Data Leakage

Many agencies, ad servers and networks build their own user databases to provide an alternative to the premium data set built and curated by publishers. For example, Google's cookie guide describes how their tags implement cookie matching.

Summary

At Cxense we believe strongly in the value of transparency. Implementing arbitrary 3rd party tags is not consistent with this as we cannot guarantee that our systems work as expected, nor can we guarantee that our privacy policy will be upheld.

We welcome your feedback on this position, and feel free to contact us at support@cxense.com with any input.


Last updated: