Third-Party Served Ads

• 120 x 600
• 160 x 600
• 200 x 200
• 240 x 400
• 250 x 250
• 250 x 360
• 300 x 250
• 300 x 600
• 300 x 1050
• 320 x 50
• 320 x 100
• 336 x 280
• 468 x 60
• 580 x 400
• 728 x 90
• 930 x 180
• 970 x 90
• 970 x 250
• 980 x 120

File types:

• Image: JPEG, PNG, GIF
• Flash: SWF (Flash versions 4 through 11.2)
• HTML5: HTML, CSS, JS, JPEG, PNG, and GIF

Maximum file size:

• Initial: 150K recommended
• Total load size*: 2.2 MB maximum*Total load size includes initial and subsequent/polite loads

Animation length:

• Maximum host-initiated play: 30 seconds
• Maximum user-initiated play (click required): 4 minutes

Maximum frame rate:

• 24fps

Creatives

Except where indicated otherwise in this policy, all creatives related to a third-party tag must comply with Google’simage ad policies.

• 150 KB maximum for initial load is recommended for the fastest initial load time. Additional load must be “polite” and total load may not exceed 2.2MB.
• Creatives may not expand past ad unit boundaries unless they are rich media ads built according to the specifications described under the section “Expandable ad units” below.
• All creatives must be free of applications including, but not limited to, ActiveX, viruses, exit pops, spyware, and malware.
• Third-party ads containing Flash must not exceed 40% of a user’s CPU. Common causes of high CPU use are continued animation, heavy animation sequences, and animation that surpasses the 30-second limit. If applicable, you can use the Task Manager feature in Windows to check for compliance with this rule.
• Creative coding may not use cross-domain scripting or set cookies in unapproved domains.
• All creatives must open in new windows. The target window for the click-through URL must be set to “_blank” so the click-through will open in a new window. Do not leave the target statement undeclared.
• All sound and animation (including video) must stop upon exit click.
• On all ads with partially black, white, or transparent backgrounds, you must add a visible border of a contrasting color to the majority background color of the creative.
• The http headers for Google’s click-tracking URL must be sent by the user’s browser. A client-side HTTP request, not a server-side request, must be sent to the Google click-tracking URL.
• You must supply a default image.
• For Flash creatives:
  • Creatives must be built to use Flash versions 4 through 11.2.
  • If the browser doesn’t support the Flash version used for your creative, the default image will be served.
  • The last frame of the animation must include the following code in action script: “stop()”.
  • You must include a clickTag layer. The clickTag layer must be the topmost layer.
  • You may use a maximum of 2 clickTags in a single creative.
  • Creatives must support Google’s click tracking. Where supported, all click events must be passed to Google

Expandable ad units are accepted on the Google Display Network according to the following policies:

Technical specifications

Expandable ads guidelines

• Expandable ads are currently available to advertisers supported by a dedicated account manager.
• Expandable ads must be designed to be multi-directional and to use the Google expandable ad API.
• Depending on its placement, an ad must expand in one plane (either left or right, up or down) only. The ad may not expand in two directions at the same time.
• The initial unexpanded layer of the creative must have a z-index value that is less than 9010, and the expanded layer must have a z-index value greater than 11100. This is to accommodate for any Online Behavioral Option Icon provided by Google and/or a 3rd-party vendor. Please read the section below called “Online Behavioral Advertising Option Icon” for more details about this icon.
• Expandable ads currently depend on use of JavaScript tags. Iframe tags cannot be used.
• Expandable ads are not currently available through the Google Display Network’s Reservation program.
• A vendor must receive specific certification to serve expandable ads on the Google Display Network. Approved expandable ads rich media vendors include:
  • DoubleClick Rich Media
  • eyeReturn Rich Media
  • EyeWonder Rich Media
  • Flashtalking Rich Media
  • Interpolls Rich Media
  • Linkstorm Rich Media
  • MediaMind Rich Media
  • Mediaplex Rich Media
  • Oggifinogi Rich Media
  • Pointroll Rich Media

Third-party in-stream ads are accepted on the Google Display Network according to the following policies:

Technical specifications

* Note: Both sizes can be accepted, but companion serving support depends on publisher specifications.

Creatives

• Third-party in-stream ads and their companion banner ads must be served via a linear VAST tag (pre-fetch tag) by a Google VAST-approved vendor.
• The VAST tag must comply with Google’s XML summary for VAST ad server response.
• Consistent Node Value: Please be sure that your all of your VAST tags include a specific consistent value for your company in the <AdSystem> node in the VAST XML. For example, Google would always include the following for all our VAST tags: <AdSystem>Google</AdSystem>
• Unique Ad ID Value: Each VAST tag generated should include a unique value for the “id” attribute in the node. Two different VAST tags should not have the same Ad id value. For instance:
  – VAST tag 1:  <Ad id=”3947179″>
  – VAST tag 2:  <Ad id=”8741831″>
• In order for Google’s Flash SDK to serve video ads from a third-party ad server, the third-party ad server must include a crossdomain.xml with specifications to allow access to all specific Google domains or all domains. Also, the attribute secure needs to be set to “false”. The crossdomain.xml should be formatted as follows: <cross-domain-policy>
  <!– Allow access to ALL domains
  <allow-access-from domain=”*” secure=”false”/>
  <!– OR allow access to the domain from originating request
  </cross-domain-policy>

  IMPORTANT NOTE: When you add a domain to your website’s crossdomain.xml file, any Flash file hosted within that domain can access data belonging to users logged into your website. Due to this, you should generally not add advertising network hosts to crossdomain.xml files on websites that contain authenticated functionality such as user profiles.

• In order for Google’s HTML5 SDK to serve video ads from a third-party ad server, the third-party ad server must return a CORS header on all endpoint URLs that do not return static files.Access-Control-Allow-Origin: [allow access to the domain from originating request]
  OR Access-Control-Allow-Origin: *

  Note: Access-Control-Allow-Origin: * cannot be use in combination with Access-Control-Allow-Credentials: true

• Audio is not allowed for companion ads.
• For VAST companion technical specifications, please refer to the “Standard Banner Ads” section.

• VAST wrappers are not currently allowed on the Google Display Network via AdWords.

Please see the TrueView ad specifications.

Creatives

Except where indicated otherwise in this policy, all creatives related to a third-party tag must comply with Google’simage ad policies.

• Standard format image tags, iFrame and Javascript tags are eligible to run on the AdMob In-App Network. Keep in mind that the third party ad server will determine which creative to serve, so if a tag contains an unsupported file type (such as SWF), the ad server will serve the backup/default creative.
• All creatives must be free of applications including, but not limited to, ActiveX, viruses, exit pops, spyware, and malware.
• Creative coding may not use cross-domain scripting or set cookies in unapproved domains.
• Creatives must support Google’s click tracking. Where supported, all click events must be passed to Google.
• Creatives with partially black or white backgrounds must include a visible border of a contrasting color to the majority background color of the creative.
• All creatives must open in new windows. The target window for the click-through URL must be set to “_blank” so the clickthrough will open in a new window. Do not leave the target statement undeclared.
• The http headers for Google’s click-tracking URL must be sent by the user’s browser. A client-side HTTP request, not a server-side request, must be sent to the Google click-tracking URL.

SSL-compliant ad units are accepted on the Google Display Network according to the following policies. We require that all ads and tracking pixels targeting SSL inventory are SSL-compliant. As SSL inventory increases on the web, non SSL-compliant ads will have fewer opportunities to serve and will win fewer auctions. To ensure your ads are eligible for the most amount of inventory, ads should follow the SSL-compliant ad guidelines below.

SSL-compliant ads guidelines

• Please notify your Google account representative that you are submitting an SSL-compliant ad. Note that if an ad is declared as SSL- compliant but makes any non-SSL-compliant responses, the ad will be disapproved.
• For secure pages (HTTPS://) the ad, creative and tracking pixels must only use HTTPS. Additionally, for ads and creatives loaded using a secure connection (HTTPS://), all subsequent requests to media assets or tracking URLs must also use a secure connection (HTTPS://). This means that all creatives must be able to deliver over HTTP and HTTPS without the need for special trafficking. If tracking pixel URLs are provided, they must be SSL compliant (begin with HTTPS://). The only part of an ad permitted to be non-SSL compliant is the click URL (target landing page).
• Any 4th-party calls to other technologies within the ad unit must also be from SSL-compliant vendors.
• Approved SSL-compliant ad vendors are listed in the Vendors lists.

You must comply with these policies if you use third-party tracking, including pixels (beacons) on the Google Display Network. The policies under “SSL-compliant ad units” also apply.

Format

Only 1×1 pixels are supported for third-party tracking site-served ad units. Javascript is not allowed.

Click trackers are supported for third-party tracking clicks on select site-served ad units. See the Ad formats section for a full list.

Certified vendors

AdWords supports third-party tracking on the Google Display Network from certified vendors. Please consult thelist of certified vendors for your region in the Vendor list section. Buyers may only use a technology vendor approved by Google, which must be declared per Google instructions.

Click-tracking vendors are not required to be certified.

Fourth-party calls and multiple vendor tracking

Multiple impression pixels per event are not supported for our site-served and/or video ad units through AdWords. However, clients may daisy-chain multiple vendor tracking and/or fourth-party calls into a single asset. This must be a standard format 1×1 pixel that fires simultaneous calls to each vendor upon serving the impression. The client or agency is responsible for piggybacking or daisy-chaining the pixels.

Ad formats

Third-party pixels are supported on the below ad formats. Some ad formats allow for multiple events to be tracked. However, only one pixel can be appended per event.

Companion banners

Separate tracking for companion banners is not supported for auction video ads. Videos and their accompanying companion banners will share the same tracking assets.

Google reserves the right to remove any ads deemed intrusive or inappropriate. Please review our advertising policies for more information.

Ads must:

• On all ads with partially black, white, or transparent backgrounds, you must add a visible border of a contrasting color to the majority background color of the creative.
• Conform to Google’s specifications.
• Contain family safe content.

Ads may not:

• Contain fake hyperlinks.
• Resemble Windows, Unix, or Mac dialog boxes.
• Simulate fake interactivity.
• Contain sexual content.
• Contain audio (exception: user-initiated rich media ads).
• Initiate downloads.
• Be intrusive.
• Advertise competitive content.
• Contain misleading content.

• Cookies and targeting: You may use cookies for reporting purposes and creative selection, provided that the data you use was collected in accordance with industry standards:
  • NAI Self-Regulatory Code of Conduct for Online Behavioral Advertising (www.networkadvertising.org)
  • IAB UK Good Practice Principles for Online Behavioral Advertising (www.youronlinechoices.com)

  Where there is a conflict between the NAI and IAB UK policies, the more stringent policy applies. Google determines at its own discretion whether or not you are compliant with these standards.

  In particular, the certification process requires you to have the following:

  • A descriptive privacy policy on your site
  • A prominent link to opt-out from the privacy policy
  • No PII used in the creation of segments (including PII related to the user’s mobile phone device)
  • No sensitive segments or segments targeted at children under 13 years of age
  • No packet sniffing in the collection of behavioral data

  You may not use locally shared object (LSO) technologies (including but not limited to flash cookies, browser helper objects, or HTML5 localStorage) or device fingerprints for behavioral advertising, ad delivery, reporting, and/or multi-site advertising.

• Data collection: You may use a cookie, web beacon, or other tracking mechanism to collect anonymous traffic data for purposes of aggregated reach, frequency and/or conversion reporting, provided you use a certified third party vendor for this purpose. Collecting impression-level data via cookies or other mechanisms for purposes of subsequent re-targeting, interest category categorization, or syndication to other parties on Google Display Network inventory is prohibited. (This restriction does not apply to click- or conversion-level data.) You may not associate cookies, web beacons, or other tracking mechanisms with personally- identifiable information (PII) for any purpose or with precise user location for behavior targeting unless the user has knowingly and expressly opted in. (For purposes of this document, PII and precise user location does not include IP addresses.) You will not, and will not assist or knowingly permit any third party, to set a cookie, or alter or delete a cookie set, on any Google owned and operated domains, including, without limitation, on a DoubleClick domain. You must display a prominent privacy policy with an option for users to persistently opt out of any cookie, web beacon, or other tracking mechanism set by you for data collection.

• Fourth-party calls: All ads may only include tracking elements from certified third-party servers or research vendors already approved by Google. No fourth-party calls are permitted, except tracking elements associated with certified third-party servers or research vendors expressly authorized by Google. All tags may only be associated with a single advertiser. Multiple advertisers cannot be represented through a single tag.

• Creative approval: All creatives and tags that call the third-party server or research vendor must be fully tested and pre-approved by Google Ad Operations at least 72 hours prior to the campaign start date.

• Creative modifications: Creative substitution or modification via the third-party vendor without prior approval isn’t allowed. All creatives must be pre-approved by Google Ad Operations. Any ads with dynamically changing content must be initially reviewed and pre-approved by Google Ad Operations but may be exempt from additional reviews and approvals at Google’s sole discretion.

• Delays due to revisions: Any ad element not meeting the specifications in this policy will be returned for revision, which may cause a campaign delay.

• Tag performance: Tags must display consistently. If a tag doesn’t conform to our performance or reliability standards, we reserve the right to pause or stop the campaign.

• Sending tags: All tags must be sent in an email text attachment, not in the body of an email.

• Reporting: Traffic or impression reports provided by Google will be the reports of record between Google and the advertising partner. Any reports delivered to the advertising partner by the third party will not affect the rights or obligations of Google and the advertising partner.

• Data from context-aware macros: Unless permitted otherwise by Google in writing, you may only use data from context- aware macros exclusively for the impression associated with that data. You may not use data from context-aware macros elsewhere or at any other time.

• Site-level tagging: If you use Google’s placement targeting feature, you must aggregate a minimum of four unique web properties with adequate impression distribution across properties with each ad tag. You may not associate impression-level cookies, web beacons, or other tracking mechanisms with individual sites.
• Brand Features and Publicity: You may not publicly indicate your participation or compatibility with the program or disclose any relationship between you and Google without Google’s prior written approval.
• Google Analytics auto-tagging: Google Analytic’s auto-tagging feature is not currently compatible with third-party served ads. If you rely on auto-tagging, we suggest using separate accounts for third-party served ads and AdWords-hosted ads. Follow these instructions to enable or disable auto-tagging.
• Policies:
  • When creating ads, you may not use cross-domain scripting or set cookies in unapproved domains.
  • Ads must support Google’s click-tracking. Where supported, all click events must be passed to Google.
  • The http headers for Google’s click-tracking URL must be sent by the viewer’s browser. A client-side HTTP request, not a server-side request, must be sent to the Google click-tracking URL.

A pop-up:

• Is a window that opens in addition to the original window.
• Includes pop-unders, timed or intermittent pop-ups, mock system warnings, and pages that automatically initiate a download.
• Is prohibited regardless of its content.

Audio requirements:

• Effects must be user-initiated on click; ads may not play sound automatically.
• Audio settings must be set to ‘off’ by default.
• Users must have the option to mute all audio in the ad.
• Audio volume must be encoded at no more than -12 db.

Ads may not directly capture any personally-identifiable user information. Personal information includes, but isn’t limited to, e-mail addresses, telephone numbers, and credit card numbers. No sensitive information can be collected through the ad.

You may not associate cookies, web beacons, or other tracking mechanisms with personally-identifiable information (PII) for any purpose or with precise user location for behavior targeting unless the user has knowingly and expressly opted in. (For purposes of this document, PII and precise user location does not include IP addresses.)

If authorized by Google, you may implement research studies in connection with an ad campaign. If expressly approved by Google, these research studies may be exempt from some of the third-party serving restrictions outlined above.

All research must be conducted as follows:

• You may conduct research only for the purpose of measuring the effectiveness of mutually agreed-upon, ad-served advertising placements purchased through Google.
• Google must approve, in writing, the public disclosure of any campaign-specific data and compilation or aggregation of data across multiple campaigns attributable to Google prior to any such disclosure.
• Only a third-party research provider that appears on Google’s approved provider list may conduct research.
• All methodologies and survey tools (including recruitment processes, incentives, solicitation/invitation content, questionnaire content, data collection, and survey appearance) will be subject to Google’s advance approval.
• For brand studies, please reference the following survey content guidelines.
• You are responsible for ensuring that all survey results and associated data are kept strictly confidential, and that personally- identifiable data is not solicited or collected, except as necessary by you for granting incentives to research participants. All personally-identifiable data may be used only to deliver the relevant incentives, and such data must be destroyed promptly following delivery of the relevant incentives.
• If you are a verification or audience metric service provider, as classified by Google, you must be able to demonstrate that your service has gone through a formal third-party audit. Any data you collect must be used strictly for reporting against the advertiser’s campaign. You must not collect site-level information (domain/URL) in connection with a cookie. You may not sell or make available for resale any information you may collect via your service to others. You may not share or aggregate data beyond the advertiser’s campaign for whom you are providing the reporting. Note: Verification Services are not permitted to drop cookies.
• Verification and audience metric service providers may only be used for research and analytics purposes. You may not use any technology that will effect or prevent the serving of the ad, which includes but is not limited to services like ad blocking. Certification of these vendors only indicates that Google permits their use by clients on our network, but Google does not validate the accuracy of the data and analysis reported by any research vendors in our program including but not limited to verification and audience metric service providers. Google does not offer credits for any discrepancies between our reports and the third party’s reports or for any issues flagged by these types of services.

If you would like to display a third-party Advertising Option Icon for online behaviorally targeted ads, you must abide by the following requirements:

• For ads served on the Google Display Network for most publishers, Google’s Advertising Option Icon (“AdChoices”) will appear at the top right corner of the ad unit in accordance to industry standards.
• If you choose to use a third-party Advertising Option Icon and layer it over the Google Advertising Option Icon, the third-party vendor is responsible for complying to the requirements outlined by the Self- Regulatory Program for Online Behavioral Advertising (www.aboutads.info), which includes but is not limited to the following specifications:
  • The layer must use the Advertising Option Icon’s official 76×15 “AdChoices” image. If the 19×15 “i” image is used instead, the layer should change to the full 76×15 “AdChoices” image upon mouseover.
  • The Icon must appear in the top-right corner of the ad.
  • The ad must have a z-index value of less than 9010 to ensure that the Google and third-party icon appear above the ad. If you are using an expandable ad unit, the initial unexpanded layer of the creative must still have a z-index value that is less than 9010, and the expanded layer must have a z-index value greater than 1110.
• Additionally, if a third-party Advertising Option Icon covers the Google Advertising Option Icon, the 3rd-party icon must include the Google Display Network as a company associated with user data collection and/or usage within the ad, and the user must be provided with Google’s cookie opt-out.
• Any privacy notification must appear within the ad units boundaries or open in a new browser window. No pop-ups are allowed.
• Any vendors that are permitted by Google to display an Advertising Option Icon may not write and/or read cookies in association with any functionality of the icon.
• You may only serve third-party Advertising Option Icons from a Google-approved vendor. See the list ofapproved AdWords third-party vendors and search for vendors that include “Advertising option icon” in the “Product offerings” column.

• Cookies and targeting: You may use cookies for reporting purposes and to target ads, provided that the data you use was collected in accordance with industry standards:
  • NAI Self-Regulatory Code of Conduct for Online Behavioral Advertising (www.networkadvertising.org)
  • IAB UK Good Practice Principles for Online Behavioral Advertising (www.youronlinechoices.com)

  Where there is a conflict between the NAI and IAB UK policies, the more stringent policy applies. Google determines at its own discretion whether or not you are compliant with these standards.

  In particular, the certification process requires you to have the following:

  • A descriptive privacy policy on your site
  • A prominent link to opt-out from the privacy policy
  • No PII used in the creation of segments (including PII related to the user’s mobile phone device)
  • No sensitive segments or segments targeted at children under 13 years of age
  • No packet sniffing in the collection of behavioral data

  You may not use locally shared object (LSO) technologies (including but not limited to flash cookies, browser helper objects, or HTML5 localStorage) or device fingerprints for behavioral advertising, ad delivery, reporting, and/or multi-site advertising.

• Data collection: You may use a cookie, web beacon, or other tracking mechanism to collect anonymous traffic data for purposes of aggregated reach, frequency and/or conversion reporting, provided you use a certified third party vendor for this purpose. Collecting impression-level data via cookies or other mechanisms for purposes of subsequent re-targeting, interest category categorization, or syndication to other parties on Google Display Network inventory is prohibited. (This restriction does not apply to click- or conversion-level data.) You may not associate cookies, web beacons, or other tracking mechanisms with personally- identifiable information (PII) for any purpose or with precise user location for behavior targeting unless the user has knowingly and expressly opted in. (For purposes of this document, PII and precise user location does not include IP addresses.) You will not, and will not assist or knowingly permit any third party, to set a cookie, or alter or delete a cookie set, on any Google owned and operated domains, including, without limitation, on a DoubleClick domain. You must display a prominent privacy policy with an option for users to persistently opt out of any cookie, web beacon, or other tracking mechanism set by you for data collection. Please note that 3rd-party reported reach and frequency numbers tend to be less accurate on the mobile platform.
• Fourth-party calls: All ads may only include tracking elements from certified third-party servers or research vendors already approved by Google. No fourth-party calls are permitted, except tracking elements associated with certified third-party servers or research vendors expressly authorized by Google.
• Tag performance: Tags must display consistently. If a tag doesn’t conform to our performance or reliability standards, we reserve the right to pause or stop the campaign.
• Reporting: Traffic or impression reports provided by Google will be the reports of record between Google and the advertising partner. Any reports delivered to the advertising partner by the third party will not affect the rights or obligations of Google and the advertising partner.

DoubleClick Ad Exchange buyers of ad inventory displayed on websites must follow the same policies detailed in the AdWords section, Technical specifications and creatives.

DoubleClick Ad Exchange buyers of ad inventory displayed in mobile applications (“In-App Ads”) must follow the technical specifications and creatives immediately below:

SSL-compliant ad units are accepted on the Google Display Network according to the following policies:

SSL-compliant ads guidelines

• All ad responses must be SSL-compliant (“HTTPS”). All servers involved require full SSL certification.
• It is preferred that your ad tag can auto-detect that it is being requested from the HTTP/HTTPS protocol and will auto-adjust any responses to be SSL-compliant if necessary. Otherwise, Google has a protocol macro that we can insert in any URIs or ad tags to auto-update “http” to “https” if necessary.
• Any 4th-party calls to other technologies within the ad unit must also be from SSL-compliant vendors that have been certified by Google.
• AdX buyers must declare through RTB or the AdX UI that the ad is SSL-compliant. Note that if an ad is declared as SSL-compliant but makes any non-SSL-compliant responses, the ad will be disapproved.
• Please see the section In-stream video ad units (VAST-compliant) for SSL-compliant VAST ad specifications.
• A vendor must receive specific certification to serve ads on SSL-compliant publisher inventory. Approved SSL-compliant ad vendors are listed in the Vendors lists.

For the DoubleClick Ad Exchange, Expandable ad units are not allowed on Google Display Network Inventory.

Third-party in-stream video ads are accepted on the DoubleClick Ad Exchange according to the following policies:

Technical specifications

Creatives

• Third-party, in-stream ads must be served via a linear VAST tag (pre-fetch tag) by a VAST vendor approved specifically for the DoubleClick Ad Exchange:
• The VAST tag must comply with Google’s XML summary for VAST ad server response.
• For each video ad served in the VAST tag, there needs to be a minimum of 2 separate nodes included – one for MP4 and WebM video formats. Other formats may be included, but will not be used.
• Consistent <AdSystem> Node Value: Please be sure that your all of your VAST tags include a specific consistent value for your company in the <AdSystem> node in the VAST XML. For example, Google would always include the following for all our VAST tags: <AdSystem>Google</AdSystem>
• Unique Ad ID Value: Each VAST tag generated should include a unique value for the “id” attribute in the node. Two different VAST tags should not have the same Ad id value. For instance:
  – VAST tag 1:  <Ad id=”3947179″>
  – VAST tag 2:  <Ad id=”8741831″>
• Note that only the following resource types will be allowed for node in the VAST XML:
  • StaticResource: URI to a static file, such as an image or SWF file
  • IFrameResource: URI source for an IFrame to display the companion element

  The HTMLResource type will no longer be permitted.

• For Google’s Flash SDK to serve video ads from a 3rd-party ad server, the 3rd-party ad server must include a crossdomain.xml with specifications to allow access to all specific Google domains or all domains. Also, the attribute secure needs to be set to “false”. The crossdomain.xml should be formatted as follows: <cross-domain-policy>
  <!– Allow access to ALL domains
  <allow-access-from domain=”*” secure=”false”/>
  <!– OR allow access to the domain from originating request
  </cross-domain-policy>

  Important: When you add a domain to your website’s crossdomain.xml file, any Flash file hosted within that domain can access data belonging to users logged into your website. Due to this, you should generally not add advertising network hosts to crossdomain.xml files on websites that contain authenticated functionality such as user profiles.

• For Google’s HTML5 SDK to serve video ads from a third-party ad server, the third-party ad server must include a CORS header in all of its responses. The CORS header must be formatted as follows:Access-Control-Allow-Origin: [allow access to the domain from originating request]
  OR Access-Control-Allow-Origin: *

  Note: Access-Control-Allow-Origin: * cannot be use in combination with Access-Control-Allow-Credentials: true

• Audio is not allowed for companion ads.
• Creatives may not expand past ad unit boundaries.
• On all ads with partially black, white, or transparent backgrounds, you must add a visible border of a contrasting color to the majority background color of the creative.
• All creatives must be free of applications including, but not limited to, ActiveX, viruses, exit pops, spyware, and malware.
• Companion ads containing Flash must not exceed 50% of a user’s CPU. Common causes of high CPU use are continued animation, heavy animation sequences, and animation that surpasses the 30-second limit. If applicable, you can use the Task Manager feature in Windows to check for compliance with this rule.
• Creative coding may not use cross-domain scripting or set cookies in unapproved domains.
• All creatives must open in new windows. The target window for the click-through URL must be set to “_blank” so the click-through will open in a new window. Do not leave the target statement undeclared.
• For Flash creatives:
  • Creatives must be built to use Flash versions 7 through 11.2 (AS2 & AS3).
  • You must supply a default image. If the browser doesn’t support the Flash version used for your creative, the default image will be served.
  • The last frame of the animation must include the following code in actionscript: “stop()”.
  • You must include a clickTag layer. The clickTag layer must be the topmost layer.
  • You may use a maximum of 2 clickTags in a single creative.
  • Creatives must support Google’s click tracking. Where supported, all click events must be passed to Google.
• For VAST wrappers:
  • No more then 1 (one) VAST wrapper redirect to 1 (one) VAST In-Line is permitted.
  • Supported TrackingEvents (wrapper may include more than one node per each event):
    • start
    • firstQuartile
    • midpoint
    • thirdQuartile
    • complete
    • mute
    • unmute
    • pause
    • resume
• For SSL-compliant VAST ads:
  • A vendor must receive separate certification to serve VAST ads on SSL-compliant publisher inventory.
  • All ad responses must be SSL-compliant (“HTTPS”). All servers involved require full SSL certification.
  • It is preferred that your VAST tag can auto-detect that it is being requested from the HTTP/HTTPS protocol and will auto-adjust the URIs and companion banners to be SSL-compliant if necessary. Otherwise, Google has a protocol macro that we can insert in your VAST tag to auto-update “http” to “https” if necessary.
  • The vendor/AdX buyer must ensure that any URIs within the VAST XML (e.g. the , , and other nodes) that are served by a party other than the primary VAST vendor are also from vendors approved by Google for SSL-compliant ad serving/tracking.
  • The companion ad banner as well as any 4th-party calls to other technologies within the companion ad banner must also be made from SSL-compliant vendors that have been certified by Google.
  • AdX buyers must declare through RTB or the AdX UI that the ad is SSL-compliant. Note that if an ad is declared as SSL- compliant but makes any non-SSL-compliant responses, the ad will be disapproved.

• VPAID will be available on non-GDN Ad Exchange inventory and must follow the following policies:
  • Live feeds or User-Generated Content are not accepted.
  • Overlays and other non-linear formats are not currently accepted.
  • All VPAID tags must conform to all current AdX VAST 2.0 and 3.0 policies.

DoubleClick Ad Exchange buyers must follow the same policies detailed in the AdWords section on General guidelines and editorial policies.

DoubleClick Ad Exchange buyers must following the same policies detailed in the AdWords section on Pop-up windows.

DoubleClick Ad Exchange buyers must following the same policies detailed in the AdWords section on Audio effects.

DoubleClick Ad Exchange buyers must follow the same policies detailed in the AdWords section on Personally-identifiable information.

If authorized by Google, you may implement research studies in connection with an ad campaign. If expressly approved by Google, these research studies may be exempt from some of the third-party serving restrictions outlined above. Research tags may not be used in in-app ad campaigns.

All research must be conducted as follows:

• You may conduct research only for the purpose of measuring the effectiveness of mutually agreed-upon, ad-served advertising placements purchased through Google. You may only use a web beacon or other tracking mechanism in order to track a user’s exposure to an ad. No surveys or survey invitations are allowed to be served on the Google Display Network via the DoubleClick Ad Exchange. When trafficking 3rd-party tags that serve surveys and survey invitations, the appropriate research vendor needs to be selected from the “Ad Technology” drop-down in the user interface. This will allow the survey and survey invitations to run on other AdX inventory, but not the Google Display Network.
• Google must approve, in writing, the public disclosure of any campaign-specific data and compilation or aggregation of data across multiple campaigns attributable to Google prior to any such disclosure.
• Only a third-party research provider that appears on Google’s approved provider list may conduct research.
• You are responsible for ensuring that all survey results and associated data are kept strictly confidential, and that personally- identifiable data is not solicited or collected, except as necessary by you for granting incentives to research participants. All personally-identifiable data may be used only to deliver the relevant incentives, and such data must be destroyed promptly following delivery of the relevant incentives.
• If you are a verification or audience metric service provider, as classified by Google, you must be able to demonstrate that your service has gone through a formal third-party audit. Any data you collect must be used strictly for reporting against the advertiser’s campaign. You must not collect site-level information (domain/URL) in connection with a cookie. You may not sell or make available for resale any information you may collect via your service to others. You may not share or aggregate data beyond the advertiser’s campaign for whom you are providing the reporting. NOTE: Verification Services are not permitted to drop cookies.
• Verification and audience metric service providers may only be used for research and analytics purposes. You may not use any technology that will effect or prevent the serving of the ad, which includes but is not limited to services like ad blocking. Certification of these vendors only indicates that Google permits their use by clients on our network, but Google does not validate the accuracy of the data and analysis reported by any research vendors in our program including but not limited to verification and audience metric service providers. Google does not offer credits for any discrepancies between our reports and the third party’s reports or for any issues flagged by these types of services.

If you would like to display a third-party Advertising Option Icon for online behaviorally targeted ads, you must abide by the following requirements:

• If you choose to use a third-party Advertising Option Icon, the third-party vendor is responsible for complying to the requirements outlined by the Self-Regulatory Program for Online Behavioral Advertising (www.aboutads.info), which includes but is not limited to the following specifications:
  • The layer must use the Advertising Option Icon’s official 76×15 “AdChoices” image. If the 19×15 “i” image is used instead, the layer should change to the full 76×15 “AdChoices” image upon mouseover.
  • The Icon must appear in the top-right corner of the ad.
• Any privacy notification must appear within the ad units boundaries or open in a new browser window. No pop-ups are allowed.
• Any vendors that are permitted by Google to display an Advertising Option Icon may not write and/or read cookies in association with any functionality of the icon.
• You may only serve third-party Advertising Option Icons from a Google-approved vendor. See the list of approved Ad Exchange vendors and search for vendors that include “Advertising option icon” in the “Product offerings” column.