Why Server-to-Server Really Turns Header Bidding on its Head

Portrait of Duane Kinsey
by Duane Kinsey
Feb 20, 2018

Wherever you look right now, it seems like the world is being turned on its head.

A service designed to “bring the world closer together” stands accused of ripping society apart. A utility used for mapping your run ends up exposing military secrets. A popular children’s video app serves up wildly inappropriate versions of the cartoons they love, possibly even fed by its own algorithm. The list goes on.

In this crazy, upside down world, only one thing really seems certain – technology can and will find unintended ends and misuses, a million miles from where its founders set out.

And if we’re to avoid more tech nightmares in future, what we need is pretty clear – less blue sky, Ayn Rand-inspired utopianism. And more practical, objective and self-aware assessments of how that tech is being used, where it’s currently going wrong and how that might get worse next before it gets better.

Fountain Header

All of which brings us, in a roundabout way, to header bidding. Much touted as a giant leap in ad tech’s mission towards ‘holistic yield management’, I’d argue it’s more of a small step – at least in its current form.

And unlike Facebook, Strava and YouTube, I’d go further, to add that even when it was first invented, header bidding’s creators probably already knew it was a short-term, hacky and ultimately deeply flawed solution.

Why? Well, for one – before it, the whole programmatic bidding process always took place in the server. But header bidding burst onto the block as a new kid that didn’t feel the need to respect such niceties. It was a scrappy, some say even half-baked solution. That’s because it moved its all new meta-bidding process (now in many cases far more complex) from its spiritual home in the server, up to the browser – the HTML header of the page, to be precise.

And as anyone who’s been following recent cyber security news will know, moving third party tasks to the frontline of the browser immediately presents its own risks. It seems like not a week goes by without some new exploit emerging – one of the latest is the (ab)use of browser password saving functionality. It turns out certain businesses were using this hack to track users’ every move online, of course without their say so, as Princeton researchers have revealed.

In fact, if it’s browser-based header bidding collateral damage you’re after, there’s plenty more where that came from. It won’t be a surprise to the more technically minded that shifting bidding activity from hardware onto software can have a major impact on said software’s day job. Yes – as many in the industry seem to have forgotten - outside of delivering ads, browsers are still relied upon for people to… browse content.

Last but not least, if data really is the new oil, then browser-based header bidding is a giant leaky tanker. Various reports back this up – though with the ad tech military-industrial complex already so hooked on a short-term, browser-based header bidding cash fix, don’t expect many to own up to this problem.

A Short-Term Profit World?

And there’s the rub. For better or worse (okay, only worse), we live in a short-term profit world. Shoe-horning your bidding activity into the browser is the epitome of putting short-term profit above the customer, quality and long-term sustainability. You can also see it as part of a wider process, progressively trashing the online user experience, which @happensinadops aptly refers to as ‘moral debt’.

Meanwhile, the benefits of server-to-server header bidding are many, with speed and extendibility right at the top of the list. But lower match rates – that is, the ability to match cookies between multiple different players in the ad tech space, is also held up as its fatal flaw.

Of course, that kind of potential loss is scary, because it can mark sales’ quarterly targets. The losses from your data leaking out of the browser, and getting sucked up for free, or of users abandoning your site because it’s slow, or indeed installing an ad blocker for the same reason – all of these aren’t so easy to quantify, so who cares?

Moreover, relying as matching does on 3rd party cookies, the whole system may be about to start shifting soon – as the tech giant browser landowners clamp down on their ad tech farmhands (see Safari, Criteo and intelligent tracking protection). More importantly, privacy measures like GDPR loom, and many say they will set new, stricter global standards on programmatic, and indeed alter the face of 3rd party cookie usage as we know it.

In a world turned on its head, it seems the only smart thing to do – especially for informed, forward-thinking publishers – is to prod bidding from the page, back to the server where it started.

If not, on your own header be it.

Want to make more revenue with server-to-server header bidding? Explore BuySellAds Optimize, our server-to-server solution for small to mid-tier publishers.