Google added a new section to its anti-spam policies designating “back button hijacking” as an explicit violation under the malicious practices category. Enforcement begins June 15, giving websites two months to make changes.
Google published a blog post explaining the policy. It also updated the spam policy documentation to list back button hijacking alongside malware and unwanted software as a malicious practice.
What is back button hijack
Back button hijacking occurs when a site interferes with browser navigation and prevents users from returning to the previous page. Google’s blog post describes several ways this can happen.
Users may be redirected to pages they have never visited. They may see unsolicited recommendations or advertisements. Or they might be unable to return at all.
Google wrote in the blog post:
“When a user clicks the browser’s ‘Back’ button, they have a clear expectation: they want to return to the previous page. Hijacking the Back button breaks this fundamental expectation.”
Why Google is acting now
Google said it has seen an increase in this behavior across the web. The blog post noted that Google had previously warned against inserting misleading pages into browser history, referring to an article from 2013 on the subject, and said that this behavior “has always been contrary” to Google Search Essentials.
Google wrote:
“People report feeling manipulated and ultimately less willing to visit unfamiliar sites.”
What the app looks like
Sites involved in Back button hijacking risk manual spam penalties or automated demotions, which can reduce their visibility in Google search results.
Google is granting a two-month grace period before the app begins on June 15. This follows a similar pattern to that of Spam policy extension in March 2024which also gave sites two months to comply with the new policy on site reputation abuse.
Third party code as source
Google’s blog post acknowledges that some back button hijackings may not come from the site owner’s code.
Google wrote:
“Some instances of back button hijacking may originate from included libraries or the site’s advertising platform.”
Google’s wording indicates that sites may be affected even if the problems originate from third-party libraries or advertising platforms, putting the onus on websites to review what appears on their pages.
How this fits into Google’s anti-spam policy
The addition falls under the jurisdiction of Google category of malicious practices. This section discusses behaviors that cause a gap between user expectations and experiences, including the distribution of malware and the installation of unwanted software. Google expanded the existing spam policy category instead of creating a new one.
THE March 2026 Anti-Spam Update completed its deployment less than three weeks ago. This update applied existing policies without adding new ones. Today’s announcement adds new policy language ahead of the June 15 effective date.
Why it matters
Sites using ad scripts, content recommendation widgets, or third-party engagement tools must audit these integrations by June 15. Any script that manipulates browser history or prevents normal navigation with the back button is now a potential spam violation.
The two-month window is the compliance period. After June 15, Google may take manual or automated actions.
Sites that receive a manual action can submit a request for reconsideration via Search Console after resolving the issue.
Looking to the future
Google did not say whether the app would come via a dedicated spam update or via ongoing SpamBrain and manual review.
