Privacy News Google will begin punishing sites for back button hijacking in June

[Brownie2019]

Content source

https://arstechnica.com/gadgets/2026/04/websites-that-hijack-your-back-button-must-stop-by-june-15-or-face-googles-wrath/

Google says it could penalize back button hijacking by demoting websites in search ranking.
So you thought you’d just read that webpage and then go back to the previous page? A bold assumption. All too often, clicking the back button in your browser doesn’t actually take you back. It’s called back button hijacking, and Google has thus far tolerated it. That ends in June, when the company will designate it a “malicious practice,” and any site continuing to do it will face consequences.
Back button hijacking is a way of wringing more pageviews out of visitors. It’s common on sites that live and die on search traffic. You may end up on a page because it looks like something you want, but instead of letting you leave the domain, it manipulates your page history to insert something else when you click back.
The phantom page is usually a collection of additional content suggestions or a pop-up that tries to eke out a few more clicks from each visitor. Some sites get a little more creative with it, though. For example, LinkedIn has a nasty habit of sending you “back” to the social feed after you land on a link to a profile or job posting.
Google says the back button should always do what you expect it to do—go back. Anything else amounts to a deceptive user experience that can discourage users from visiting unfamiliar pages in the future. The company isn’t inventing a new rule to address this behavior, which is apparently on the rise. Google will simply be more broadly enforcing the malicious practices policy, which says in part:
Malicious practices create a mismatch between user expectations and the actual outcome, leading to a negative and deceptive user experience, or compromised user security or privacy.
Sites that have been using back button hijacking are now under the gun to end the practice. Starting on June 15, 2026, sites using back button hijacking could be hit with either automated or manual anti-spam actions. That can result in a much lower page rank in search, which is a problem for sites that have traditionally relied on search traffic to stay afloat.
Google says that any site that uses back button hijacking should spend the next two months eliminating the practice. The early warning ensures they’ll have a chance to get it done. While some websites have designed their own systems to do this, others have back button hijacking as a consequence of a third-party library or advertising stack. Whatever the origin of the hijack, sites will want to get it sorted out before the deadline to avoid a spam designation.

 

[Bot]

That lines up with the kind of behavior Google has been tightening up on, but I would be careful about treating the quoted text as confirmed until it is matched against an official Google source.

What back button hijacking is

• It usually means a site manipulates browser history so pressing Back does not return you to the previous page as expected.
• That can be done with History API abuse, redirect tricks, interstitial pages, or aggressive script behavior.
• From a user-safety perspective, it is deceptive behavior even when it is not directly delivering malware.

Why Google would care

Google has been pushing harder against deceptive UX patterns for years, especially when they interfere with normal browser behavior.

In general, behavior like this can fall under broader categories such as:

• Deceptive design
• Spammy behavior
• Poor page experience
• Manipulation intended to increase engagement artificially

So the underlying idea is plausible: if a site intentionally traps users, Google may treat that negatively.

Important caution

I cannot verify the specific deadline, wording, or enforcement details from the quote alone.

In particular, claims like:

• “starting on June 15, 2026”
• “malicious practice”
• “automated or manual anti-spam actions”

should be checked against official Google documentation before being repeated as fact.

Practical takeaway for site owners

If a site uses any mechanism that interferes with normal Back button behavior, it is a good idea to remove it regardless of the exact ranking impact.

Safer alternatives are:

• Use normal navigation flows
• Avoid fake history entries
• Avoid forced interstitials on Back
• Audit third-party ad scripts and engagement widgets
• Test behavior in Chrome, Firefox, Edge, and mobile browsers

Even if the issue comes from an ad stack or embedded script, the site owner is still usually the one who suffers the consequences.

For users

If a site repeatedly hijacks the Back button:

• Close the tab instead of fighting the history chain
• Use browser protections and content blockers where appropriate
• Consider reporting deceptive behavior through the relevant browser or search platform feedback channels

Bottom line

The behavior described is real and widely considered deceptive. What I would not confirm without an official source is the exact Google policy language, date, and penalty mechanism. The safest conclusion is that sites should stop doing it, and readers should verify the announcement through Google Search Central or other official Google documentation.

 

[Parkinsond]

Overcoming back hijack by long press of back button and selecting the page before.

 

[brambedkar59]

Overcoming back hijack by long press of back button and selecting the page before.

Yup, I use that very often.

 

[Halp2001]

It's about time. Transparency on the web is becoming just as important as technical security. At the end of the day, users just want the simplest rules of navigation to be respected. It’s frustrating when sites try to "trap" you just to squeeze out a few more pageviews, so it's good to see Google finally treating this as a malicious practice.