Rejected by Google Ads: Malicious or Unwanted Software


If you're here, unfortunately, your ad has been rejected by Google Ads / AdWords. This setback is far from ideal when launching a campaign, especially when Google's disapproval message is vague. This article is intended to help steer you in the right direction to launch your campaign and ad as soon as possible.

This article will provide you with a general overview of why Google Ads may tag your landing page(s) as malicious.

What can Unbounce's Support teams help with?

Determining what exactly is causing Google to tag your pages as malicious is outside the scope of Unbounce & our support.

Google Ads Support is your best resource for a quick solution. Their Support can share insight into why an ad was rejected and offer the steps to take for a resolution. Unbounce support will be able to look at your page with you and identify any possible causes, but without the reports exclusive to Google support, we are limited in how we can support you.

When Google Ads mistakenly catches your ad/page as malicious, the only way to have Google reconsider your ad is to connect with their Support and go through their suggestions to prove the ad rejection was an error. Then, resubmit the ad for review.

Google's team offers a helpful step-by-step guide on identifying causes for an ad rejection and how to get it approved. You can review their guide with steps on how to fix a disapproved ad.

What is malicious content or malware?

Google defines malicious content/malware as follows:

"Malware is any software or mobile application specifically designed to harm a computer, a mobile device, the software it's running, or its users. Malware exhibits malicious behavior that can include installing software without user consent and installing harmful software such as viruses..."

You can read more on what Google determines as malicious content and malware in their documentation: Malware and unwanted software & Advertising policies.

In truth, it's pretty unlikely your landing page actually contains malware or software as described above. That said, Google's complex process for detecting malicious content or malware is entirely automated! It collects information from reputable organizations that detect malicious content and malware and then focuses on the scan for such content on specific geographic locations where the most malware/malicious content is detected.

You can read more about their process for malware detection here: Google's Transparency Report.

Why Is Google Flagging My Ads & Unbounce Landing Pages as Malicious?

As we see from Google's safe browsing overview, Google casts an extensive net to ensure only secure, safe, quality content is available. As the process is automated, mistakes do happen and "innocent" content is often caught as by-catch.

When Google Ads mistakenly catches your ad/page as malicious, the only way to have Google reconsider your ad is to connect with their Support and go through their suggestions to prove the ad rejection was an error. Then, resubmit the ad for review.

Determining what exactly is causing Google to tag your pages as malicious is outside the scope of Unbounce & our support.

Unbounce does not have the necessary information to confirm why Google Ads has rejected an ad or landing page, so it's best to reach out to Google directly. 

Instruction for fixing an ad or re-submitting the ad to Google for review is found in fixing a disapproved ad.

Possible Causes for a Disapproved Google Ad

Here is a list of possible causes to help you get started in determining why Google Ads may be disapproving your ad or landing pages: 

  1. Outgoing URLs on the landing page use HTTP when the landing page is secure over HTTPS (learn more about enabling a secure domain within our documentation: Securing your Domains with SSL).
  2. If the landing page you're advertising doesn't match the ad's display URL. Google automatically disallows an advertisement if the display and destination URL are on different domains.
  3. You don’t have a page published to the root of your domain/subdomain. Eg. has a page, but is blank.
  4. Images are hosted on software that Google Ads doesn’t approve, such as unsupported image files or formats. Try changing the image formats to more recognized formats, like .ico, .png, .jpg, etc.
  5. There are redirects on the landing page domain or page URL.
  6. WordPress plugin(s) is deemed malicious by Google.
  7. Custom scripts added to the landing page are referencing external content deemed malicious by Google.
  8. You have included automatic downloads on the landing page. According to Google's Unwanted Software Policy, “download of [a] software should only begin when the user has consented to the download by clicking on a clearly-labeled download button." 
  9. You have included form fields that prompt the visitor to submit sensitive information. According to Google's Unwanted Software Policy, "software must not collect sensitive information such as banking details without proper encryption."
  10. Misrepresentation of the expected content. Here are some examples provided by their documentation:
    • “An ad containing the words 'Download' or 'Play' without identifying the software it advertises for."
    • "A "Play" button that leads to a download."
    • An ad that mimics or copies the design of another publisher's site to entice visitors but contains malicious content or unrelated software instead.
  11. Sometimes, a browser automatically searches for a favicon on your landing page. A favicon is an icon image or tab icon that’s associated with your website. If your browser does not detect a favicon installed on your page, this can return a 404 error within the browser console, and Google Ads may flag this 404 as malicious.

    To remedy this, you can install a favicon across your landing pages:
    If you’re working with the Classic Builder, see adding a favicon. If you’re building a page with Smart Builder, see how to update your page metadata, including uploading a favicon.

    Or, if you don’t wish to install a favicon, you can add this tag to the Head of your page to stop browsers from requesting a favicon:

    <link rel="icon" href="data:;base64,iVBORw0KGgo=">
    Learn more about adding custom scripts here: Adding Custom Scripts and CSS in the Classic Builder.
  12. If your website or landing page claims to offer free gifts or other incentives. This is a type of information harvesting.
  13. If your landing page does not include a privacy policy link. 

Tips for Troubleshooting Malicious or Unwanted Software

  1. Check the status of your site in Google Search Console. If you haven’t used Search Console before, enter the URL of your website and click "Add a property" to see its status. You may need to verify that you own the site.
  2. If Search Console doesn’t report any problems, your site could still have security issues that Google Ads detected. Consult with your webmaster or web hosting provider and use tools such as Stop Badware to investigate further. Or, download a tool to detect any malicious or unwanted software, such as this app provided by the Google Play store. Learn more about how Google identifies malicious or unwanted software.
  3. Remove any malicious or unwanted software. Google provides resources and instructions to help you fix your site through Help for Hacked Websites. If you can’t fix the ad’s destination, update the ad with a new destination that complies with this policy.
  4. Edit the ad. This will resubmit the ad and its destination for review.
    Most ads are reviewed within 1 business day, though some can take longer if they need a more complex review.