Sign in Start free
← Blog Blog

GIVT vs SIVT: The Two Kinds of Invalid Traffic, Explained

Guides·Jun 18, 2026·5 min read

If you run ads, "invalid traffic" is the line item quietly draining your revenue and — worse — putting your AdSense or ad-network account at risk of suspension. But "invalid traffic" is not one thing. The IAB and the MRC split it into two categories, and the split matters: one kind is cheap to catch perfectly, and the other is the reason no honest vendor can claim 100%.

This post explains the difference, why it determines what any IVT product can actually promise, and how PubSentry treats each.

GIVT: General Invalid Traffic

GIVT is the obvious stuff. It's traffic that can be identified by routine, well-established means — usually a list, a flag, or a header — without any deep behavioral analysis. The IAB maintains a published spiders-and-bots list precisely because this category is identifiable by convention.

Concrete examples of GIVT:

  • Declared crawlers and bots — Googlebot, Bingbot, monitoring agents, SEO tools. They often announce themselves in the user agent.
  • Headless and automation frameworks — anything driven by webdriver, ChromeDriver, Puppeteer, or Selenium leaves tells: automation globals, CDP markers, a navigator.webdriver flag, tampered native functions.
  • Data-center IPs — traffic from AWS, GCP, Azure, and hosting ranges that no normal reader browses from.
  • Known-bad and Tor exits — IPs and entities already flagged as abusive.
  • Incoherent fingerprints — a "Chrome on Windows" user agent paired with geometry or capabilities that contradict it.

The defining trait of GIVT is that it leaves a tell. Something in the request is provably inconsistent with a real human on a real browser. That makes it safe to block: you are not guessing.

This is where deterministic detection shines. PubSentry's engine catches GIVT at essentially 100% recall with 0% false positives on our hand-labeled clear-case corpus. Every one of those signals — automation flags, honeypot hits, native-function tampering, spoofed Chrome, emulated geometry, data-center IPs, abnormal velocity, known-bad reputation — is hard evidence, not a probability. When the engine sees one, it blocks before the ad fires, so the impression is never served and the invalid click never reaches your account.

SIVT: Sophisticated Invalid Traffic

SIVT is the adversarial category. This is invalid traffic engineered specifically to look human — and it's where the honesty has to start.

A sophisticated bot:

  • Egresses through a residential or mobile proxy, so its IP looks like a real consumer on a home ISP or a 4G connection.
  • Scrubs every hard tell — no webdriver flag, native functions left un-patched, no automation globals.
  • Presents a fully coherent fingerprint and user agent — the browser story is internally consistent.
  • Injects plausible human behavior — a single synthetic mouse movement or scroll event defeats any naive "no interaction = bot" rule.
  • Rotates fingerprints and IPs to stay "cold" against reputation systems.
  • Fans out under velocity thresholds, so no single entity ever looks abnormally fast.

Here is the uncomfortable truth: on a per-request basis, a well-built SIVT bot is indistinguishable from a real human. The signals are identical. You cannot block it deterministically without also blocking the genuine reader on a privacy browser, a VPN, Cloudflare WARP, or mobile data. And blocking a real human is the single worst thing an IVT product can do — it churns the visitor, distorts your analytics, and erodes trust in the tool.

We measured exactly this with an internal red-team: of 36 sophisticated evasion configurations, 35 evaded the deterministic engine. That is not a bug. It is the correct, expected result — and it's why we will never tell you we stop 100% of invalid traffic.

Why the GIVT/SIVT line decides what a product can promise

If a vendor claims to catch "100% of fraud," they are either redefining fraud to mean only GIVT, or they are blocking real humans to inflate the number. Both are dishonest. The GIVT floor is genuinely solvable at zero false positives. The SIVT ceiling is not — at least not from a single request in isolation.

So the honest framing is two separate promises:

  1. GIVT and account safety — solved today. Obvious invalid traffic is blocked before the ad serves, with zero false positives. This is what protects your ad-network account from invalid-traffic suspensions right now.
  2. SIVT — a moat that compounds. Catching sophisticated traffic is not a single-request problem; it's a problem of patterns above the request.

How PubSentry closes the SIVT gap

Because no single request reveals a good SIVT bot, the answer is to look at what one request can't show you:

  • Cross-site reputation network. A rotated identity is cold on your site, but warm across the network. The more publishers feed signals, the faster a reused entity gets caught.
  • Velocity and anomaly at scale. Fingerprint-churn spikes, impossible click-through rates, and coordinated timing show up in aggregate even when each request looks clean.
  • The ML moat. A trained model captures subtle statistical patterns in behavior and fingerprints that no hand-written threshold can express — without resorting to the brittle rules that cause false positives.
  • Graph correlation. Coordinated rings share faint commonalities across many sites; correlated as a graph, the ring becomes visible even when each member hides.

Every one of these layers gets stronger with more traffic and more publishers. That is the actual moat — and it's why the SIVT detection rate is a function of network scale over time, not a fixed number we can print on a marketing page.

The takeaway

GIVT is the obvious, tell-leaving traffic you can and should block before the ad fires — PubSentry does this at near-100% recall with zero false positives, and that alone protects your account today. SIVT is the human-mimicking traffic that no honest engine catches perfectly from a single request; it closes as the reputation network, anomaly detection, and ML layers grow. Anyone who collapses the two and claims "100%" is selling you the false-positive risk that eventually churns your real readers.

Want to see your own GIVT and account-safety picture? You can start free — one async JS tag, 500 pageviews on the house, no card. Drop the tag on your site and watch the verdicts come in.

Stop invalid traffic before the ad fires. Score every visitor, block the invalid ones pre-serve, protect your account. Free for your first 500 pageviews.
Start free →