Google has redrawn the line on spam — twice. The company updated its Search spam policies page to explicitly include attempts to manipulate generative AI responses in Google Search as a spam violation. Separately, it introduced a new malicious-practices policy targeting back button hijacking, with enforcement active since June 15, 2026. The two changes are distinct, but they share the same direction: Google is closing gaps that opened as search moved beyond the blue-link era.
For most site owners, the generative-AI line is the more consequential one strategically. The back-button policy is a cleanup of an obvious technical abuse. The AI-manipulation clause is where Google tells the industry what separates acceptable answer-optimization from punishable gaming, and the answer is less obvious than it looks.
What counts as manipulating AI answers
Google’s spam policies page now states that attempting to manipulate generative AI responses in Google Search constitutes spam. This covers content structured to exploit AI Overviews and AI Mode rather than serve a human reader: think prompt-injection-style passages, fake-authority stuffing aimed at triggering AI citations, and answer blocks that mimic cited sources without underlying substance. Search Engine Land confirmed the scope extends to AI Overviews and AI Mode explicitly.
The key distinction is intent and method. Structured data, clear factual claims, citable answer blocks, and clean entity markup: these remain the right way to earn AI Overview inclusion. The policy targets techniques designed to trick the generative layer rather than earn it. The boundary between GEO (generative engine optimization) and manipulation is not always obvious in practice, but Google’s framing centers on whether the content would hold value without the AI intermediary.
| Approach | Status | Why |
|---|---|---|
| Structured data + verified facts + answer blocks | Acceptable GEO/AEO | Earns AI inclusion through genuine usefulness |
| Prompt-injection phrasing in body copy | Spam | Designed to exploit generative model behavior, not serve readers |
| Fake-authority stuffing (manufactured E-E-A-T signals) | Spam | Inflates credibility cues targeting AI citation logic |
| Citable answer blocks matching actual query intent | Acceptable | Serves the reader, happens to be AI-friendly |
There is no separate enforcement date for the generative-AI clause. It is a policy-text clarification that now sits alongside the existing spam framework. Enforcement uses the same mechanisms: algorithmic demotions and manual spam actions, applied as Google’s systems identify violations.
What is back button hijacking?
Back button hijacking occurs when a site interferes with user browser navigation by manipulating the browser history or other browser functionalities, preventing users from using their back button to immediately return to the page they came from. Google announced the policy in April 2026 and published a dedicated Search Central post explaining the enforcement approach. Automated algorithmic demotions and targeted manual spam actions both apply.
What matters for publishers: liability extends to third-party code. Ad networks, engagement scripts, consent modules, A/B-testing tools: if any of them introduce history-manipulation behavior on your pages, the site is responsible. Google is not distinguishing between first-party and third-party origin when enforcement runs.
The third-party problem is the actual audit priority
Most publishers are not writing back-button traps themselves. The risk sits in tag managers loaded with scripts they did not author and review infrequently. Enforcement began June 15. If you have not audited your JavaScript for history API manipulation (pushState, replaceState, or popstate listeners that intercept navigation), that is the immediate action.
The audit checklist is short: load a representative page in a browser with DevTools open, navigate to an internal link, then press back. If you land anywhere other than the referring page, something is blocking or redirecting navigation. Check your tag manager for ad network scripts and engagement overlays first. Then check consent banners that use modal layers on back-press.
The broader context here is that Google has been standardizing its spam documentation as generative search complicates what “spam” means. The new Search Console generative-AI impression reports give site owners a way to measure AI visibility. What this policy update adds is the other side of the equation: the rules for how that visibility is earned and how it can be forfeited. If your site has appeared in AI Overviews, understanding what Google now counts as manipulation is part of protecting that placement.
The legal dimension is worth watching too. Google is directly accountable for what AI Overviews state, as the Munich court ruling confirmed when it treated AI summaries as Google’s own words, not neutral retrieval. A spam policy that governs what inputs Google accepts into that generative layer follows logically from that liability posture.
Sources: Google Search Central — Spam policies; Google Search Central Blog, April 2026; Search Engine Land; PPC Land.
