
gclid Replay Attacks: Technical Analysis and Hot-Path Defense

Atomic Lua sealing, GCLID_IP_MISMATCH, and MISSING_LANDING_BEACON: technical details of gclid security.

June 24, 2026 · 7 min · DubixGuard Team
Tags: gclid, redis, hot-path, lua

gclid format validation

A gclid that does not match ^[A-Za-z0-9._-]{10,200}$ is rejected with **400** immediately; nothing is written to the database.

Atomic sealing

The Redis hash at cf:gclid:{tenantId}:{gclid} stores the first-seen IP and fingerprint. Subsequent requests are compared against the sealed values:

  • Different IP → GCLID_IP_MISMATCH
  • Different fingerprint → GCLID_FINGERPRINT_MISMATCH

Landing requirement

Attribution-bearing interactions require a prior landing beacon; without one, the request is rejected with MISSING_LANDING_BEACON → **403**.
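
The three hot-path checks above (format validation, atomic sealing, landing requirement) as an added example; this is not DubixGuard's code. Assumptions: the hash field names ip and fp, the order of the checks, the INVALID_FORMAT reason name, the 200 for accepted requests, and an in-memory dict with a lock standing in for Redis and its atomic Lua execution. SEAL_LUA is a sketch of a script that could be passed to EVAL; seal_or_compare mirrors it so the logic runs offline.

```python
import re
import threading

GCLID_RE = re.compile(r"^[A-Za-z0-9._-]{10,200}$")

# Sketch of a seal-or-compare script for EVAL (field names "ip"/"fp" are assumed).
SEAL_LUA = """
local ip = redis.call('HGET', KEYS[1], 'ip')
if not ip then
  redis.call('HSET', KEYS[1], 'ip', ARGV[1], 'fp', ARGV[2])
  return 'SEALED'
end
if ip ~= ARGV[1] then return 'GCLID_IP_MISMATCH' end
if redis.call('HGET', KEYS[1], 'fp') ~= ARGV[2] then
  return 'GCLID_FINGERPRINT_MISMATCH'
end
return 'OK'
"""

STORE = {}               # in-memory stand-in for the Redis hashes
LANDED = set()           # keys for which a landing beacon was accepted
LOCK = threading.Lock()  # models the atomicity Redis gives a Lua script

def seal_or_compare(key, ip, fp):
    """Python mirror of SEAL_LUA: the first request seals, later ones are compared."""
    with LOCK:
        sealed = STORE.get(key)
        if sealed is None:
            STORE[key] = {"ip": ip, "fp": fp}
            return "SEALED"
        if sealed["ip"] != ip:
            return "GCLID_IP_MISMATCH"
        if sealed["fp"] != fp:
            return "GCLID_FINGERPRINT_MISMATCH"
        return "OK"

def handle(tenant_id, gclid, ip, fp, kind):
    """Return (http_status, reason); status is None where the page states none."""
    if not GCLID_RE.fullmatch(gclid):  # fullmatch: "$" alone tolerates a trailing newline
        return 400, "INVALID_FORMAT"   # hypothetical reason name; nothing is stored
    key = f"cf:gclid:{tenant_id}:{gclid}"
    if kind != "landing" and key not in LANDED:
        return 403, "MISSING_LANDING_BEACON"
    verdict = seal_or_compare(key, ip, fp)
    if verdict not in ("SEALED", "OK"):
        return None, verdict
    if kind == "landing":
        LANDED.add(key)
    return 200, verdict
```
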

Async reconciliation

The worker scans Google Ads click_view periodically. Ghost clicks and delayed mismatches are recorded as anomalies.
