Perhaps my mind is a bit scarred from all that I know and have experience, but the other day a friend of mine informed me how he had installed Ads by Google to start generating new revenue for his website, and the first thought that popped into my mind was how wide open to attack Google ads made his security headers and website in general. I know, totally normal thought process – right?
Installing Ads by Google Is A Built In Security Flaw
Granted I go a little overboard with my own security measures, but I’ve made it a point to block bad query strings, specifically to block Cross-Site Scripting (XSS) attacks from effecting my site. I have also taken the additional steps of installing https exclusive security headers through HSTS, while editing my website on Mozilla with the NoScript browser add-on enabled – just in case my firewall doesn’t detect or block every XSS attack. For reasons I have already explained, adding Ads by Google would essentially throw both of these measures right out the window.
— RogueSecurity (@Rogu3_Labs) September 22, 2018
If you are a little less paranoid, not running a security based web business and believe the added revenue may be worth the added security risk, then by all means go make your money – afterall, millions of other people already have. Hell, even I know I’m going to have to suck it up one day and start subscribing to their ads, just not here for this site.