Google Classifies Back Button Hijacking as Spam, Enforcement Starts 15 June 2026

On 14 April 2026, Google published a new spam policy targeting back button hijacking, with enforcement set to begin on 15 June 2026. The two-month advance notice is unusual for Google, which typically announces and enforces spam policies simultaneously or with minimal lead time.

What back button hijacking is

What back button hijacking is

Back button hijacking occurs when a site manipulates browser history to prevent users from navigating back to the page they came from. In practice, this means a site inserts one or more phantom entries into the browser’s history stack, so that pressing the back button loads another page on the same domain, or loads the same page again, rather than returning the user to the referrer.

Common implementations include:

• JavaScript that calls history.pushState or history.replaceState to overwrite a user’s navigation history
• Redirect chains that insert intermediate pages the user never explicitly visited
• Third-party advertising or engagement scripts that append history states as a side effect of loading

The experience is familiar to users and consistently rated as one of the more frustrating patterns on the web. Google’s decision to treat it as spam formalises what has long been considered a dark pattern.

The new policy

Google has added back button hijacking as an explicit violation of its malicious practices spam policy. Affected pages are eligible for manual spam actions, algorithmic demotions, or both.

The policy statement covers “any script or technique that inserts or replaces deceptive or manipulative pages into a user’s browser history that prevents them from using their back button to immediately get back to the page they came from.”

Enforcement starts 15 June 2026. Google says it is sending email notifications through Google Search Console as reminders to affected sites.

Third-party scripts are in scope

A significant detail in the policy is that third-party scripts are explicitly included. Sites using advertising integrations, content recommendation widgets, or third-party engagement tools that implement back button hijacking as part of their functionality are responsible for the behaviour, regardless of whether the script is first-party or vendor-supplied.

This affects sites that may have no direct knowledge that they are affected. A site running a content recommendation widget or a monetisation script may have back button hijacking introduced by the vendor without any deliberate choice on the publisher’s part. The audit required before 15 June needs to cover the full script inventory, including third-party code.

What to do before 15 June

The action is to identify and remove any script, first-party or third-party, that manipulates browser history in ways that prevent users from returning to the referring page. Practically:

1. Open browser DevTools, navigate to the site, and check what happens when the back button is pressed on various pages.
2. Audit third-party scripts, particularly advertising and content recommendation integrations, by testing with and without each one loaded.
3. If a vendor script is the source, raise it with the vendor. If the issue cannot be resolved before 15 June, consider removing the integration temporarily.
4. Check Google Search Console for any notifications from Google about this issue.

Sources

• Introducing a new spam policy for “back button hijacking” — Google Search Central Blog
• New Google Spam Policy Targets Back Button Hijacking — Search Engine Journal
• Google Search to penalize back button hijacking schemes — Search Engine Land
• Google sets June 15 deadline to stop hijacking users’ back button — PPC Land