This would create a huge security/fraud hole. In the current situation every surfer loads its own javascript from the Google adserver. Therefore Google knows the basic user information of each visitor (IP address, Google cookie etc.) and can use this information to track invalid clicks.

When Google would make an API available to use from a webserver running PHP, ASP, etc, this API would only see the IP address of the webhost. Even if the API would be designed in such a way that for example the visitor IP must be passed before an ad is served, the webhost can send fake information. Google wouldn't know if the ad request is from a genuine visitor, or generated by some generator in PHP which is generating random IP addresses and now and then a click.

lammert... good point... but. couldn't a hybrid approach be used. here's what i mean. the ads themselves would be provided through the API and they would only be provided if the visitor's info is passed to google. ALSO on the page is a small snippet of javascript that google could use to verify the passed userinfo. of course the verification wouldn't work for those without javascript, but google would have tons of data to work with. ie. # of users with javascript, and they could ensure that the numbers from each publisher matched the expected ratios.

of course, this is not bulletproof by any means, but perhaps google could offer this service to the big publishers so they could keep a close eye on the implementation. i think its a good idea, and i know that google is exposing themselves to risk, but isn't this greatly offset by the extra revenue that would be derived from those with javascript turned off?

Technically it might be possible to use an hybrid implementation, although I don't know if it will really have the desired effect. I have run some weeks an alternative ad for my best converting AdSense location within a <noscript> block right after the Google script block. I did this to display an alternative ad for those who had javascript turned off. I had not one single click on that alternative ad. I can think of many reasons:

• Users who turned of javascript did this because they hate ads, no matter if they are served by javascript, PHP or ASP
• Users with javascript turned of come mainly from sources where it is forbidden to click ads (army?)
• Browsers with javascript turned of could be just mainly bots, scrapers etc, instead of normal browsers operated by human beings.

If you want to check out if that is an issue - what I would do is modify (with permission) the Google ad code very slightly.

Include a <noscript> addition to the end of the code which will display a static gif (or better still, a server generated counter) and then compare the number of ads+gifs served.

That should then add up to nearly the same as the page views as reported by your server logs.

As for our site, AWStats report that only 4% of visitors had JavaScript disabled. (If I am not mistaken, AWStats excludes bots from these stats).

We don't think that 4% is a large number, so to us it's a non-issue. Of course, your site may show different figures.

Thanks for the replies, and I see the difficulties.

To be honest, I only suggested it as Google suggested that the difference of up to 37% lower banner impressions to actual page loads might be down to de-activated javascript. However, looking at my web logs only 3%-5% of visitors have javascript disabled. Therefore it's not really an issue for me either.

But as usual, report something to Google, get a denial that there is even the remotest possibility of a flaw in their algorythms/systems, and watch the stats change next day :)