Important update: Google announced its back button abuse spam policy on 13 April 2026, with enforcement beginning on 15 June 2026.
What is back button hijacking?
It is the deliberate manipulation of browser history so visitors cannot return normally to the previous page. The technique creates a frustrating or deceptive experience and may now lead to Google enforcement.
Risky examples
- Adding unnecessary browser-history entries
- Sending users back to the same page repeatedly
- Triggering forced redirects when the back button is pressed
- Using pop-ups or advertising scripts that trap visitors
- Blocking a normal exit to protect engagement metrics
What is generally legitimate?
Normal checkout, login and multi-step form flows are not the target when they use browser history for a genuine functional reason and do not deceive or trap users.
Website audit checklist
- Test the back button on desktop and mobile.
- Review scripts that use
history.pushState or replaceState.
- Check advertising, pop-up and third-party plugins.
- Remove loops, forced redirects and unnecessary history entries.
- Retest after updates and document the changes.
EEAT and trust: Users should remain in control of their navigation. A transparent, predictable experience protects trust and supports long-term search performance.
Why businesses should act now
Sites that violate the policy may receive manual actions and lose Google Search traffic. Website owners should also audit third-party code because an external script can create the same harmful experience.
Source: Google Search Central, 13 April 2026.
Malaysia