The AdSense dashboard banner says “We’ve detected invalid traffic on your account.” Your earnings for the last 30 days might be clawed back. New ad serving is disabled or limited. This is one of the most stressful AdSense states because: (1) the warning is vague, (2) appeals are slow and frequently denied, (3) repeated flags can permanently terminate the account. Google’s spam policies for AdSense lump click fraud, bot traffic, “encouraging clicks,” and traffic from low-quality sources all under “invalid traffic,” and you usually don’t get told which.
The recovery path: figure out the likely source, document defenses, file a structured appeal, and harden the site so it doesn’t reoccur.
Common causes
Ordered by hit rate, highest first.
1. Someone is maliciously clicking your ads
A competitor or angry user finds your site and clicks ads dozens of times. AdSense’s anti-fraud system flags the spike. Often this is unintentional collateral from “negative SEO” attacks.
How to spot it: AdSense → Reports → CTR by date. If a single day or hour shows CTR 5-10x normal, you have a click spike.
2. You or family members accidentally clicked
You opened your own site in a browser logged into your AdSense, and clicked an ad to “test if it works.” This is the #1 cause of self-inflicted invalid traffic warnings for new publishers.
How to spot it: Did you click an ad in the last 30 days? Did anyone with access to your computer click? If yes, this is probably it.
3. Bot / scraper traffic spike
A scraper hit your site 50,000 times in a day. Each pageview triggered an ad impression. AdSense’s traffic quality system saw a flood of clearly-bot traffic and flagged.
How to spot it: Cloudflare → Analytics → look for spikes. Or Google Analytics → top traffic sources for an unusual referrer.
4. You bought or incentivized traffic
You ran a $5 cheap-traffic ad on a sketchy network, or a service like “Traffic Bot” pinged your pages. These all show as invalid.
How to spot it: Look back at the last 30 days — did you buy any traffic? Even legitimate-seeming traffic services (some Fiverr “I’ll send 1000 visitors”) count as invalid.
5. Auto-refresh widgets / pop-up traffic
You enabled an auto-refresh feature or your site has a sticky pop-up that increases pageviews artificially. AdSense detects “engagement signals don’t match impressions.”
How to spot it: Average session duration < 5s with high pageviews/session = automated or low-quality engagement.
6. CTR anomaly without click spike
Sometimes AdSense flags pages with CTR > 5-10% even without absolute click volume. CTR that high is usually misleading ad placement (ads that look like content / nav) and triggers a manual review.
How to spot it: AdSense → Reports → Page CTR > 5% sustained. Even legit traffic can trigger this if your ad placement is confusing.
7. Misleading content or prohibited categories
If recent content has crossed into prohibited (adult, certain medical, illegal goods), the policy reviewer might use “invalid traffic” as the umbrella term while actually citing content policy.
How to spot it: Check Policy center for any per-page enforcement actions in the same window.
Shortest path to fix
Step 1: Identify the specific warning category
In AdSense → Policy center, look for any specific notes. There may be a phrase like “encouragement of clicks,” “click manipulation,” “traffic source quality,” or “high-risk behavior.” Save the exact text — you’ll need it for the appeal.
Step 2: Pull traffic and CTR data for the flagged period
AdSense → Reports → set date range to the suspicious 7-30 days. Export:
- Impressions, clicks, CTR by day
- Top URLs by clicks
- Top countries by clicks
Combine with Google Analytics or your CDN logs. Identify the anomaly.
Step 3: Document defenses
If you can show this was malicious or unintentional, document:
- Cloudflare Bot Fight logs from the period
- Geographic / time analysis showing the clicks don’t fit normal user pattern
- Any communication with the suspected perpetrator (rare, but if a known competitor)
- Your reCAPTCHA or anti-fraud measures already in place
Step 4: File an appeal with evidence
In AdSense → click “Submit an appeal” if it’s offered. Or use the invalid traffic appeals form.
Include:
- Specific time window of suspicious traffic
- What you believe caused it
- What defensive measures you’ve added since
- Why you believe the activity wasn’t your doing
Be specific. Generic “I didn’t do anything” appeals are usually denied.
Step 5: Add defenses to prevent recurrence
For click fraud / malicious clicks:
- Enable Cloudflare Bot Fight Mode (free tier OK)
- Add reCAPTCHA v3 if your stack supports it
- Block IP ranges that produced suspicious clicks
For accidental self-clicks:
- Set Chrome to block ads on your own domain
- Use a separate browser profile (or incognito) when viewing your own site logged in
- Never click your own ads, even to “test”
For bot traffic:
- Cloudflare bot management
- Block
*.amazonaws.com/*.googleusercontent.comin robots.txt if you see scraper signatures
Step 6: Wait for the response
Appeals can take 1-4 weeks. Don’t keep filing — that’s annoying and slows everything down. Wait, work on content, deploy defenses.
If denied: read the denial carefully and consider if any of the suspected causes still apply. You can sometimes file a second appeal after 30 days with new evidence.
Prevention
- Never click your own ads. Ever. Use an ad blocker on your work machine.
- Enable Cloudflare Bot Fight Mode the day you launch.
- Don’t buy traffic from any source — including “high-quality SEO traffic” promises on Fiverr.
- Monitor AdSense Reports → CTR weekly. Investigate any day with 3x normal CTR even if no warning fires.
- Don’t place ads in spots that look like navigation or content (high CTR from confusion = invalid traffic in AdSense’s eyes).
- Keep a paper trail: when you make ad placement or traffic-related changes, write a one-liner with date so you can correlate with future incidents.
Related
- AdSense policy warning
- Ad blocker affecting RPM
- No ads available on some pages
- Ads not showing after approval
Tags: #Troubleshooting