Google just added something new to its spam policy manual. And the enforcement date — June 15, 2026 — gives Indian website owners exactly two months to check if they're affected and fix it.
The issue is called back button hijacking. It's been irritating internet users for years, and Google has finally decided it crosses the line from "aggressive marketing" to "deceptive practice."
Here's why this matters specifically for Indian business websites: the techniques Google is targeting were extremely common in low-cost WordPress themes and lead generation plugins that became popular across India between 2018 and 2023. A lot of Indian SME websites have this built in — often without the owner knowing it's there.
What is back button hijacking, exactly?
Normal web behaviour: you land on a page, read it, decide it's not for you, and hit your browser's back button to return to Google results.
Back button hijacking interferes with this. The most common forms:
Exit-intent popups with redirect loops. You move to click the back button or close the tab. A popup appears, often with a fake countdown timer or an alarming message ("Wait! Don't leave yet — claim your free quote!"). If you dismiss the popup, some implementations redirect you to a completely different page rather than letting you leave. That second redirect is the thing Google is targeting.
History manipulation redirects. The site pushes multiple entries into your browser history, so pressing back once just cycles you back to the same site rather than returning you to your previous location. You press back, you're still on the site. You press back again, still there. This is deliberate — it's designed to trap users.
Mobile-specific tab interceptions. Some implementations only trigger on mobile. When you try to navigate away on your phone, you end up on a different page rather than leaving the site. Many site owners don't know this is happening because they primarily test their sites on desktop.
The common thread: your choice to leave the site is overridden. Google considers this a manipulation of user experience — deceiving users about what navigation controls will do — and it's going into the spam policy book alongside cloaked pages, hidden text, and link schemes.
Why Indian business websites are particularly exposed
The Indian web design market between 2018–2023 was heavily influenced by international "conversion rate optimisation" templates and playbooks. A strategy popular in the US and UK — use exit-intent technology aggressively to capture leads before visitors leave — got packaged into themes and plugins and sold as best practices to Indian web designers.
A lot of Indian website owners were told by their designers: "We're adding an exit popup — this will increase your conversions." They didn't ask for technical details. Their designer installed a plugin and it worked, in the sense that the popup appeared. Whether it was manipulating the back button specifically was rarely tested.
The following scenarios are extremely common across Indian business websites:
- ThemeForest premium themes (₹3,000–₹8,000 one-time cost) widely used for Indian SME sites. Many included built-in exit-intent functionality as a selling point in the theme description. These are exactly the features under scrutiny.
- OptinMonster, Thrive Leads, and similar lead generation plugins installed by designers to boost lead capture. Many have settings that affect back-button behaviour, and those settings were often left at default (aggressive) rather than customised.
- WooCommerce abandoned cart recovery plugins that intercept navigation away from the checkout page. Some use history manipulation to prevent users from leaving mid-purchase. These will be caught by the new policy.
- Custom JavaScript added by freelancers who copy-pasted exit-intent scripts from online tutorials without fully understanding what each line does.
How to check your own website in 10 minutes
Open your website in an incognito or private browser window. This prevents cached scripts from behaving differently than a first-time visitor would experience.
Navigate to your homepage, then to a service or product page, then to your contact page. On each page, test all three of these:
- Press the browser's back button. You should return to the previous page immediately. If a popup appears, or if you're redirected to a different page on the site, that's a problem.
- Move your cursor toward the browser's address bar. This often triggers exit-intent scripts. If a popup appears — note it, but this alone isn't necessarily a violation. Test what happens after you dismiss it. If you can close it and then navigate away freely, that's probably fine. If dismissing it redirects you somewhere else, that's the problem.
- Try closing the tab. On desktop, press Ctrl+W (or Cmd+W on Mac). If a dialog appears asking if you want to leave, that's a browser default and is fine. If you're prevented from closing or redirected instead, that's a violation.
Then do the same test on your mobile phone. Exit-intent and navigation scripts often behave differently on mobile. Visit each page, tap the back button, and confirm you return to wherever you came from — the previous page, or back to Google results if you typed the URL directly.
If nothing unusual happens throughout — no unexpected popups, no redirect loops, no trapped navigation — your site is likely clean.
How to fix it: plugin-by-plugin guide
The fix depends on where the behaviour is coming from. Here's how to diagnose and fix the most common sources:
OptinMonster: In your OptinMonster dashboard, go to each campaign. Look at the Display Rules. Disable any rules that reference "exit intent" specifically if they include redirect actions after popup dismissal. Keep simple popup-on-exit rules that allow normal dismissal.
Thrive Leads: Go to Thrive Dashboard → Thrive Leads. Edit each opt-in form. Check the trigger settings. If any form has a trigger set to "exit intent + redirect on close" — remove the redirect component.
WooCommerce cart abandonment plugins: These vary by plugin, but look for settings labelled "exit prevention," "leave page protection," or "cart abandonment interception." Disable any that use JavaScript history manipulation rather than a simple "Are you sure you want to leave?" browser dialog.
If it's built into your theme: Go to theme settings or customiser. Search for "popup," "exit intent," "lead capture," or "exit protection." Disable these features. If the settings don't exist but the behaviour is still present, the function is hardcoded in the theme files — a developer needs to find and remove the specific JavaScript block causing it.
Unknown source: If you can't identify the plugin or theme feature causing it, install a plugin like Query Monitor (free) and watch the JavaScript loading on the pages where you've observed the behaviour. The script file names often point to the responsible plugin.
The exit popup that's NOT hijacking
Google is not banning exit-intent popups altogether. There's an important distinction between a popup that appears when you move toward closing a tab — and then disappears cleanly when dismissed, letting you navigate freely — versus a popup that triggers a redirect or prevents normal navigation when dismissed.
The test: after interacting with or dismissing any popup on your site, does the back button work normally? Does closing the tab work? If yes — you're probably fine. If no — that's what needs fixing.
Simple "before you go" popups that offer a discount or ask for an email, and that close cleanly with an X button and allow free navigation afterwards — those are not targeted by this policy.
What happens if you don't fix it by June 15
Google's enforcement for new spam policies typically follows a pattern: an initial wave of algorithmic targeting that suppresses affected pages slightly, followed by manual actions for more egregious violations.
A manual action is significant. It appears in your Search Console as a notification with the specific violation identified. It reduces your rankings meaningfully across the affected pages until you fix the issue and submit a reconsideration request. Google's review process for reconsideration requests takes 4–8 weeks. During that window, your pages rank lower and your organic lead flow drops.
For context: a site that gets 50 qualified leads per month from organic search and loses 40% of that traffic for 6–8 weeks loses roughly 80–130 potential clients. That's the cost of not spending 20 minutes checking your website today.
Other user-experience violations worth checking at the same time
While you're auditing your site for back-button hijacking, it's worth checking a few related issues Google has been increasingly penalising:
Interstitial ads that cover the main content on mobile. Full-screen popups that appear immediately when a mobile user lands on your page — excluding cookie consent and age verification — have been a spam signal since 2017 and enforcement has tightened.
Auto-play video with sound. Videos that start playing automatically with audio on page load are a user experience violation and can affect your page experience scores in Core Web Vitals assessments.
Fake countdown timers. Timers that claim "offer expires in 10:00" but reset every time you visit the page. Google is increasingly treating deceptive urgency signals as a trust and quality issue, not just a conversion gimmick.
If you'd like help checking your website or need a developer to remove these behaviours cleanly — get in touch. This is a genuinely quick fix, and June 15 is not far away.