ShieldLabs
Back to blog

How to detect invalid traffic (IVT): types, causes, and signals

Invalid traffic: a stream of ad sessions flowing into a campaign, where grey bot and masked sessions are filtered out as invalid and green genuine-human sessions pass as valid

Last updated on July 16, 2026 · 9 min read

Every advertiser pays for clicks and impressions on the assumption that a real person is on the other end. Invalid traffic is the share of that activity where no genuine person is, and it quietly inflates the numbers a marketing team makes decisions on. Some of it is harmless, like a search-engine crawler; some of it is a coordinated attempt to drain a budget. I ran paid acquisition for B2B products for years, and when I measured a channel's real performance, its numbers reliably dropped once invalid traffic was filtered out of them, usually by more than the dashboard suggested. This guide explains what invalid traffic is, the difference between the general and sophisticated kinds, what causes it, and how it is detected before it poisons your reporting.

Key takeaways

  • Invalid traffic (IVT) is any ad click, impression, or conversion that does not come from a genuine human with real interest.
  • The term splits two ways. General invalid traffic (GIVT) is routine non-human activity that rules and lists can catch; sophisticated invalid traffic (SIVT) is built to look human and is much harder to spot.
  • The phrase has two audiences. Advertisers see IVT as wasted spend and polluted metrics; publishers and creators see an "invalid traffic" penalty that limits their ad earnings. This article is about the advertiser side.
  • Causes range from search crawlers and datacenter bots to click farms, malware-infected devices, and competitors clicking to exhaust a budget.
  • No single check catches all of it. GIVT falls to rules and known-bot lists; SIVT needs behavioral analysis and identity signals, because the giveaway is anonymized, repeated, or contradictory sessions rather than the click itself.

What is invalid traffic (IVT)?

Invalid traffic is any ad activity, a click, an impression, a view, or a conversion, that does not come from a real user with genuine interest. It covers everything from automated bots and datacenter servers to accidental double-clicks and deliberate fraud, and the common thread is that the interaction was counted but was never a real prospect. Advertising platforms do not charge for the invalid activity they catch, but the activity they miss still distorts the data.

The same phrase points at two different problems depending on who reads it. For an advertiser, invalid traffic means budget spent on clicks that could never convert and metrics that overstate reach. For a publisher or content creator, an "invalid traffic" notice from a network like Google AdSense or YouTube is a penalty: the platform has decided too much of the traffic to their content is invalid and limits their ad earnings until it improves. The rest of this guide takes the advertiser's view, where invalid traffic is a measurement and spend problem rather than a monetization one.

GIVT vs SIVT: the two categories

Invalid traffic is formally divided into two tiers, a distinction set by industry measurement bodies and used across the ad ecosystem. The split matters because each tier calls for a completely different kind of detection.

General invalid traffic (GIVT)Sophisticated invalid traffic (SIVT)
What it isRoutine non-human activity that is not trying to hideActivity engineered to look like a genuine human
ExamplesKnown bots, search crawlers, datacenter traffic, spidersClick farms, malware-infected devices, hijacked browsers, bots that mimic human behavior
How it is caughtRules, signatures, and published bot and datacenter listsBehavioral analysis plus identity and anonymity signals
DifficultyLow, filtered routinelyHigh, the hard problem in ad fraud

General invalid traffic is the easy tier. It comes from sources that do not disguise themselves, like a search engine indexing a page or a known monitoring bot, and it can be filtered with pattern matching against well-maintained lists. Sophisticated invalid traffic is the tier that costs advertisers real money: it is deliberately built to pass as a person, through automation that imitates human mouse movement, real devices conscripted by malware, or organized click farms staffed by people. The line between them is essentially whether the source is trying to look human, and most of the detection effort goes into the side that is.

Common types and examples of invalid traffic

Within those two tiers, the activity an advertiser actually runs into tends to fall into a handful of recognizable patterns:

  • Datacenter and bot traffic. Automated requests from cloud servers or known bot networks, the bulk of general invalid traffic.
  • Search and monitoring crawlers. Legitimate indexing bots that should never have been counted as ad engagement in the first place.
  • Click farms. Groups of low-paid workers, or banks of real phones, generating clicks and installs by hand so the activity looks human.
  • Malware and hijacked devices. Real consumer devices infected and used to click ads in the background without the owner's knowledge.
  • Accidental and duplicate clicks. Mistaken taps on a poorly placed ad, or the second half of a double-click, counted as separate interactions.
  • Competitor click-bombing. A rival or bad actor repeatedly clicking paid ads with the specific aim of exhausting the daily budget.
  • Conversion and install fraud. Faked downloads, signups, or purchases that inflate the bottom of the funnel, not just the top.

Most of these ride on anonymized or repeated connections, which is the thread detection pulls on. The same masking and identity techniques show up across the wider category of ad fraud, which this article sits under as the invalid-traffic piece.

What causes invalid traffic

Invalid traffic is rarely an accident of the open web. The largest share is profit-driven: ad fraud is a paying business, and fake activity is how the people running it get paid. Bought or "boosted" traffic from discount suppliers is a frequent source, because the cheap numbers are often generated by bot farms rather than real audiences. Beyond that, misconfigured campaigns can spray ads into low-quality placements, malware turns ordinary devices into unwitting click sources, and a single motivated competitor can manufacture invalid clicks by hand. The common cause underneath all of it is that an impression or a click has a price, and anywhere there is a price there is an incentive to fake the thing being paid for.

Why invalid traffic matters for advertisers

The direct cost, budget spent on clicks that were never real, is the obvious damage, but it is not the worst of it. The deeper problem is that invalid traffic corrupts the data a team optimizes against. When fake clicks and conversions are mixed into the reporting, cost-per-acquisition looks better or worse than reality, the channels that "perform" may be the ones bringing the most fake activity, and the next budget decision is made on numbers that were never true. The effect compounds, because a channel's apparent performance often drops once invalid traffic is filtered out of it, and the gap tends to be wider than the dashboard implied. Invalid traffic does not just waste money once; it teaches the optimization to waste more.

How much of your traffic is invalid?

There is no single number, and any benchmark should be read with caution. The invalid share varies widely by channel and source: it tends to run lower on search, where intent is strong, and higher on display, programmatic, and video placements, where the inventory is broad and harder to vet. Bought or incentivized traffic skews higher still. Across the whole market the scale is large, with Juniper Research putting global advertising-fraud losses at around $84 billion a year, and the 2025 Imperva Bad Bot Report finding automated bot traffic made up 51 percent of all web traffic, but the figure that matters is your own. Because the rate moves with your channel mix and your traffic sources, measuring the invalid share in your specific campaigns tells you more than any industry average, and it is the only number you can actually act on.

How invalid traffic is detected

Before any tooling, a few patterns are visible signs of invalid traffic in a campaign: sudden unexplained spikes in clicks, a high click-through rate that produces almost no conversions, and traffic concentrated in geographies or hours that do not match the target audience. Those are prompts to look closer, not proof on their own.

Detection follows the two tiers. General invalid traffic is handled with rules and lists: requests from known datacenter ranges, recognized bot signatures, and published crawler lists are filtered before they are ever counted, and accredited measurement vendors screen this layer to a documented standard. That catches the traffic that is not hiding.

Sophisticated invalid traffic is the part that needs more than a list, because by definition it is built to pass the list. Here detection shifts to corroboration: behavioral signals (does the session move and convert like a person), and identity and anonymity signals (is the connection masked behind a VPN, proxy, or datacenter, is the device reused across many "different" clicks, does the declared browser contradict what the device actually is). No one of these is proof on its own, which is why reliable detection weighs several together and reads the contradiction rather than the single click. The generic mechanism, linking sessions back to the device behind them, is the same one that underpins ad fraud detection more broadly, so this article does not re-explain it in full.

We measured this on the sophisticated tier directly: when a burst of clicks arrived through fresh IP addresses and rebuilt browser profiles, linking each session back to the device underneath still folded them into the one source driving them, matched up to 99 percent of the time. The contradiction we read here got sharper in 2022, when Chrome began reducing the user-agent string, so a session whose declared browser no longer matches its actual device gives itself away instead of blending in.

Detecting invalid traffic with ShieldLabs

ShieldLabs reads the identity and anonymity layer of the sophisticated end. For each post-click session that lands on your page, whether it arrives from an ad or a signup, it scores that traffic for masking signals, such as VPN, anonymous proxy, datacenter IP, and anti-detect browser use, and links the device behind sessions that arrive as separate "users," so a burst of clicks routed through fresh addresses collapses back to the one source driving them. Those reads sit alongside your existing bot and IVT filtering as the identity-and-anonymity layer, covering the human and anonymized cases that list-based filtering is not built to see.

Each visit gets a risk score from 0 to 100 with the anonymity signals that fired named next to it. You read the score and the named signals through the API and webhooks and decide, by your own rules, what a high-risk click or conversion is worth, so invalid, anonymized traffic is flagged before it reaches your attribution data. The same approach runs on the ad fraud prevention page.

Sources

  1. Google: Invalid activity, Google Ad Traffic Quality
  2. Google Ads Help: About invalid traffic
  3. Media Rating Council: Invalid Traffic Detection and Filtration Standards
  4. Interactive Advertising Bureau (IAB): Ad fraud and invalid traffic resources
  5. Wikipedia: Click fraud
  6. Juniper Research: Advertising fraud loss projections
  7. Imperva: 2025 Bad Bot Report (2025)

Frequently asked questions

What is invalid traffic in simple terms?
Invalid traffic is any ad click, impression, view, or conversion that does not come from a real person with genuine interest. It includes automated bots, datacenter servers, accidental clicks, and deliberate fraud. The activity gets counted in your reporting even though it was never a real prospect, which is why it both wastes spend and distorts the numbers you optimize against.
What is the difference between GIVT and SIVT?
General invalid traffic (GIVT) is routine non-human activity that does not hide, such as search crawlers, known bots, and datacenter requests, and rules and published lists filter it out. Sophisticated invalid traffic (SIVT) is engineered to look human, through click farms, malware-infected devices, and bots that imitate real behavior, so it slips past lists and has to be caught with behavioral and identity signals. SIVT is the costly tier.
What is invalid traffic on YouTube or AdSense?
For publishers and creators, an invalid traffic notice from YouTube or Google AdSense is a penalty: the network has judged that too much of the traffic to their content is invalid and limits their ad earnings until quality improves, often for a set period. That is the publisher side of the same term. The advertiser side, covered here, is wasted spend and polluted metrics. Publisher penalty questions are best handled through the platform's own traffic-quality resources.
Is invalid traffic the same as ad fraud?
They overlap but are not identical. Ad fraud is deliberate deception for profit; invalid traffic is the broader bucket of any non-genuine activity, which includes ad fraud but also innocent cases like a search crawler or an accidental click. All ad fraud is invalid traffic, but not all invalid traffic is fraud. The distinction matters because the innocent share should be filtered quietly while the fraudulent share is worth investigating.
Does ShieldLabs detect invalid traffic?
ShieldLabs reads the identity and anonymity layer of invalid traffic. It scores each ad click and signup for masking signals like VPN, proxy, datacenter, and anti-detect browser use, links the device behind sessions that look separate, and returns a risk score from 0 to 100 with the signals named. It works alongside your bot and IVT filtering as the identity-and-anonymity layer, and the free tier covers your first 5,000 identifications.

Related articles