Ad Stacking Fraud: What It Is and How to Detect It (2026)

Ad stacking fraud is an impression-fraud technique where multiple ad creatives are layered inside a single ad slot using z-index ordering. Only the top creative is visible to the user, but every stacked ad fires its impression pixel and bills the buyer. A single 300x250 placement can charge 5-10 advertisers for one human view. The Media Rating Council’s viewability standard treats anything under 50% in-view as non-viewable, and ad stacking is one of the cleanest ways to produce that exact symptom in vendor data. ^[1] Industry verification reports have flagged ad stacking as a persistent line item in programmatic supply-chain loss estimates, contributing to the ANA’s $26.8 billion annual programmatic transparency loss figure. ^[2]

This guide explains the mechanic in concrete code-structure terms, contrasts ad stacking with its sibling pixel stuffing, walks through the five detection signals, and connects the defense to the broader click fraud protection stack.

What is ad stacking, exactly?

Ad stacking is a rendering trick, not a network trick. The fraud happens inside the page’s DOM, after the auction is won and the creatives are delivered. The MRC’s Invalid Traffic Detection and Filtration Guidelines explicitly class impressions that cannot be viewed as invalid traffic, which is the bucket ad stacking falls into. ^[1]

The mechanic, expressed as DOM structure:

<div class="ad-slot" style="position:relative; width:300px; height:250px;">
  <iframe src="creative-A.html" style="position:absolute; top:0; left:0;
          width:300px; height:250px; z-index:5;"></iframe>
  <iframe src="creative-B.html" style="position:absolute; top:0; left:0;
          width:300px; height:250px; z-index:4;"></iframe>
  <iframe src="creative-C.html" style="position:absolute; top:0; left:0;
          width:300px; height:250px; z-index:3;"></iframe>
  <iframe src="creative-D.html" style="position:absolute; top:0; left:0;
          width:300px; height:250px; z-index:2;"></iframe>
  <iframe src="creative-E.html" style="position:absolute; top:0; left:0;
          width:300px; height:250px; z-index:1;"></iframe>
</div>

Five separate creatives, five separate impression beacons firing on load, one visible ad to the user. The remaining four are rendered to the screen but covered by the highest z-index iframe. Each iframe’s impression pixel posts back to its respective DSP or SSP independently. From any single buyer’s perspective the impression looks legitimate: the creative was delivered, the pixel fired, the user was on a real page.

The variations buyers see in the wild:

• Pure z-index stacking: the textbook case above, all slots at identical coordinates
• Off-screen stacking: creatives placed at top: -9999px or behind a display: none parent
• Behind-content stacking: creatives positioned behind opaque page elements with z-index: -1
• SDK-level stacking in mobile apps — the SDK reports impressions for creatives never rendered to the device’s visible viewport

The economic logic is brutal: a publisher running 5x ad stacking charges 5x the impressions for the same human view, and the inventory looks identical from a buy-side OpenRTB bid stream. Without rendering-time verification, buyers cannot tell.

Ad stacking vs pixel stuffing — sibling fraud

The two are constantly confused. Both are impression-fraud techniques. Both fire pixels for ads no one sees. The difference is rendering geometry.

	Ad stacking	Pixel stuffing
Mechanic	Multiple full-size ads layered in one slot, z-index ordered	One ad rendered inside a 1x1 (or similar tiny) iframe
Visible to user	Only the top creative; the rest are covered	None — the iframe is too small to perceive
Viewability measurement	Renders below MRC 50%/1s threshold for stacked creatives	Renders below 50% by definition (1px is not 50% of itself in any practical sense)
Impression count inflation	5-10× per slot typical	Unlimited — pixel stuffs can be hidden inside any other ad or page element
Detection signal	Excessive iframe creation per slot, low viewability with normal CTR	Tiny iframe dimensions in vendor measurement, low viewability
Where it lives	MFA sites, double-serving slots, mobile SDKs	Inside other ads (chain stuffing), MFA sites, malicious creatives
Vendor catch rate (DV/IAS/MOAT)	High when verification tag is on the page	Very high — pixel stuffs are mechanically obvious to verification tags

The two share a fraud economy. Pixel stuffing is often used inside the bottom creatives of an ad stack — combining both techniques in the same slot. The detection stack is the same: viewability measurement plus rendering inspection.

For buyers, the practical takeaway is that filtering rules for either should target the shared symptom: impressions firing without measurable viewability. The MRC’s framework, IAB Tech Lab guidelines, and major vendor reports treat both as invalid traffic. ^{[1] [3]}

Where does ad stacking happen?

The fraud concentrates in three environments. Each has structural reasons that make stacking economical for the perpetrator and hard to detect for the buyer.

Made-for-Advertising (MFA) sites

MFA sites exist to generate ad impressions, not user value. They monetize per-impression and have minimal organic-traffic costs to amortize. Stacking 5-10 ads in a single slot multiplies their primary revenue line at zero marginal cost. The ANA’s 2024 Programmatic Transparency study found MFA sites consumed a significant share of programmatic spend before buyers began aggressive blocklisting. ^[2] Stacking on MFA inventory remains common where verification tags are absent.

Mobile in-app ad SDKs

Mobile in-app is the worst environment because the SDK controls rendering and the buyer cannot inspect the DOM. There is no DOM. The SDK reports impressions through its own SDK-to-server protocol; the buyer trusts the SDK’s claim or does not. Older SDKs, white-label SDKs, and SDKs distributed through aggregator networks have all been caught stacking impressions internally and reporting each as served. ^[3]

Second-tier publisher networks (double serving)

Some smaller networks practice double serving — running two SSP integrations into a single ad slot. Each SSP wins an auction independently and delivers a creative. Both creatives load. One is visible, the other is not. The publisher receives two payouts for one human view. ads.txt does not catch this because both SSPs may be legitimately authorized sellers; the issue is what happens to their winning creatives at render time.

A useful mental model: ad stacking can happen on any inventory the verification tag does not measure. Authorized seller status (the ads.txt question) is orthogonal to render integrity (the ad stacking question).

How do you detect ad stacking? (5 signals)

No single signal is conclusive. Stacking can hide behind one or two anomalies; it cannot hide behind all five. This is the working detection pattern used by DoubleVerify, Integral Ad Science, and MOAT, distilled from their published methodology and verified against field experience. ^[3]

Signal 1: Viewability under 50% with normal-or-high CTR

The MRC viewability standard is 50% of pixels in view for at least 1 second (2 seconds for video). ^[1] Stacked ads systematically miss this threshold because they are covered. If viewability collapses but CTR holds steady or rises, ads are firing impressions and getting clicks without being seen by the people who supposedly clicked. This is the cleanest single signal.

Healthy display benchmarks: viewability 60-75%, CTR 0.1-0.5%. A placement reporting 30% viewability and 0.4% CTR is mathematically suspicious.

Signal 2: Impression-to-conversion ratio collapse

A stacked impression is a wasted impression. The advertiser pays for it, but it never reached an attentive human. Over time, campaigns running on stack-heavy inventory show a measurable collapse in impression-to-conversion ratios versus historical baselines on equivalent placements. A 30-50% drop in CVR per impression without an offsetting CTR change is the second signal.

The catch: this signal lags. By the time conversion ratios shift in your dashboards, the budget loss is already booked. Pair it with Signal 1 and Signal 3 for forward-looking detection.

Signal 3: DSP-versus-verification-vendor impression discrepancies

Your DSP reports 1,000,000 impressions served on a placement. DoubleVerify, IAS, or MOAT measures 200,000 viewable impressions on the same placement over the same window. The gap is not noise — it is the stacked creatives firing impressions to the DSP that the verification tag never registered as viewable. A consistent multi-fold gap between DSP-reported and vendor-measured viewable impressions is the third signal. ^[3]

Signal 4: Excessive iframe creation per ad slot

Technical crawlers can inspect rendered pages and count iframes per ad container. A single 300x250 slot should contain one creative iframe (with possibly one nested measurement iframe). Slots rendering 5-10+ iframes within a single placement are mechanically stacking. The IAB Tech Lab’s measurement guidelines describe this as one of the rendering-anomaly detection patterns. More than 3 creative iframes per ad slot is a strong signal; more than 5 is near-conclusive.

Signal 5: Industry vendor flags

DoubleVerify, Integral Ad Science, and MOAT all maintain known-issue lists at the domain, app, and SDK-version level. When a stacking issue is detected on inventory, the vendors flag the source and propagate the flag through their pre-bid filters and post-impression reports. Any campaign-level flag from DV, IAS, or MOAT against an inventory source should trigger an immediate placement-level pause and a refund-dispute workflow. ^[3]

In practice, the five signals are weighted. Signal 1 and Signal 3 are the strongest leading indicators. Signal 5 is the strongest lagging confirmation. Signal 2 is the most expensive way to find out (you already paid). Signal 4 requires custom crawling infrastructure most buyers do not run, which is why vendor verification is the practical detection layer for in-house teams.

What can advertisers do about ad stacking?

Defense against ad stacking is layered. No single control catches everything. The working 2026 stack combines four layers, each addressing a different point in the bid-to-render pipeline.

Pre-bid viewability filters

Pre-bid filtering reads historical viewability scores per placement (or per source / per SDK) and refuses to bid on inventory below a threshold. Common thresholds: 60% viewability minimum, 70% for premium display, 85% for video. Pre-bid filtering is the cheapest layer because it costs you no impressions you would have paid for anyway — you simply do not bid.

The limitation: pre-bid signals are predictions. New inventory has no historical viewability data. Sophisticated perpetrators can game thresholds by stacking selectively (some sessions stack, some do not).

Vendor verification (DV, IAS, MOAT)

DoubleVerify, Integral Ad Science, and Oracle MOAT each provide JavaScript verification tags that load alongside ad creatives and measure actual viewability, geography, fraud signals, and brand-safety attributes. ^[3] Their measurement is the industry-recognized ground truth for viewability disputes.

The cost: vendor verification adds JavaScript weight, can affect creative load time, and carries per-impression measurement fees. The recovered fraud spend typically dominates this cost above mid-five-figure monthly budgets.

Bid only on TAG-certified inventory

The Trustworthy Accountability Group (TAG) operates the Certified Against Fraud program. TAG-certified sellers, exchanges, and publishers have agreed to anti-fraud commitments and are audited against them. A hard buy-side policy of bidding only on TAG-certified inventory eliminates a large fraction of MFA and rogue-publisher exposure. The trade-off is reach — TAG-certified inventory is a subset of total programmatic supply.

Domain-spoofing check via ads.txt

ads.txt does not catch ad stacking inside an authorized seller’s slot, but it catches the related vector of bid requests claiming to be from publishers who never authorized them. A complete defensive stack includes ads.txt enforcement at the buy side — see ads.txt explained for the spec, validators, and supply-chain verification flow.

The combined defensive stack:

1. Pre-bid layer: viewability thresholds, TAG-certified-only filter, ads.txt verification
2. Render-time layer: DV / IAS / MOAT verification tags on every bought impression
3. Reporting layer: DSP-versus-vendor discrepancy monitoring, weekly placement audits
4. Refund layer: evidence-grade reports formatted for ad-network and SSP dispute processes

This is the same architectural pattern as broader click fraud protection: multiple independent layers, each addressing a different attack surface, each producing evidence for the next.

Where ad stacking fits in the broader fraud picture

Ad stacking is one of roughly a dozen distinct programmatic fraud techniques. The companions — pixel stuffing, domain spoofing, MFA traffic generation, click injection, cookie stuffing, install hijacking, SDK spoofing, ghost sites, attribution fraud, click flooding, hidden ad units, autoplay fraud — each exploit a different point in the bid-to-conversion path. See types of ad fraud for the full taxonomy.

The shared property: every one of them is profitable as long as buyers pay before verifying. The shared defense: independent verification of what was actually delivered, scored against multiple signal layers.

Ad stacking is well-suited to defensive automation because its symptoms (viewability collapse with normal CTR, DSP-vendor impression gaps) show up in aggregate data buyers already collect. The hard part is acting on the signal — pausing placements, filing disputes, recovering budget. Most advertisers detect ad stacking long after it has cost them, simply because no internal workflow connects the verification-vendor flag to a placement-pause decision.

Where Adsafee fits

Adsafee monitors viewability, vendor-verification discrepancies, and render-time anomalies as part of multi-signal click fraud protection. When measured viewability collapses against DSP-reported impressions, or when verification vendors flag a placement, we score the inventory as high-risk and ship evidence-grade reports for refund disputes. Ad stacking is one slice of a layered defense alongside behavioral, technical, and network-layer signals.

If you want to see whether your traffic is being protected against ad stacking and the broader fraud surface, start a free trial — first audit takes about 10 minutes.

---

Sources

1. Media Rating Council, “Viewable Ad Impression Measurement Guidelines” and “Invalid Traffic Detection and Filtration Guidelines Addendum” — 50%/1s viewability threshold (2s for video) and the GIVT/SIVT framework that classifies non-viewable ad-stacking impressions as invalid traffic. Visit: mediaratingcouncil.org. ↩

2. Association of National Advertisers, “Programmatic Transparency Benchmark” — annual programmatic supply-chain losses, including MFA exposure and impression-fraud line items. Visit: ana.net. ↩

3. DoubleVerify and Integral Ad Science, annual Global Insights / Media Quality reports — viewability benchmarks, ad stacking and pixel stuffing rendering-anomaly detection methodology, and per-domain fraud flags. Visit: doubleverify.com and integralads.com. ↩

4. IAB Tech Lab, “OpenRTB specification”, “SupplyChain Object”, and rendering-integrity guidelines — definitions used in pre-bid filtering and verification. Visit: iabtechlab.com. ↩