A growing number of publishers rely on Prebid to provide clear insights and control over their programmatic ad auctions. At present, there are approximately 10,598 websites that are using Prebid for ad monetization (BuiltWith).
Being a community-led framework, Prebid keeps bringing changes to its operations to reflect the current state of the industry. Recently, Prebid brought some significant changes to the transaction IDs in the header bidding software.
Our blog explores these changes and how they would impact the publishers.
Key Takeaways on Prebid’s Transaction ID Changes
- Prebid will now generate transaction IDs (TIDs) for each SSP/demand partner, which puts an end to the use of universal IDs across exchanges. This marks a shift from impression-based TIDs in order to protect publishers’ revenue & user privacy.
- This major update, introduced in Prebid.js 10.9, shifts TIDs to opt-in by default and restricts impression traceability. This gives publishers greater control and reduces data leakage risks.
- However, the change has put Prebid at odds with IAB Tech Labs, which highlights its one-sidedness while stressing on the disadvantages that may be caused to the advertisers.
What’s Changed In Prebid’s Transaction IDs?
Earlier, the TIDs were generated impression-wise, i.e, each impression had a distinct ID that both the SSPs and DSPs could track. This allowed the DSPs to track duplicate bids based on the TIDs, and accordingly choose the most-effective path to an inventory. However, with growing concerns, Prebid changed the way TIDs function. Let’s understand how.
Prebid has decided to change the default settings of TIDs in Prebid.js from opt-out to opt-in (default off). This update began with Prebid.js version 10.9, following an earlier legal-driven decision two years ago to set TIDs to opt-in in version 8.0.
The change is meant to protect publishers’ contractual obligations and user privacy, and provide greater flexibility over how the TIDs are used within their environments.
Moreover, in a recent Publisher PMC (Product Management Council) meeting, the committee voted in favor of changing Prebid’s approach to TIDs generation. Instead of generating a single Transaction ID that would follow an impression through the entire bidstream, Prebid will now create a unique TID for each SSP or distribution channel.
To summarize the changes, Prebid has rolled out two new updates in Prebid.js: Changing the default settings of TIDs from opt-out to opt-in, and generating TIDs for each SSP/distribution channel.
Note: Google’s advertising platforms are not affected as they don’t use TIDs due to similar privacy concerns. Hence, the step taken by Prebid automatically brings header bidding (Prebid.js) closer to Google’s stance.
Why Does This Change Matter?
Earlier, the transaction ID (source.tid) generated for each impression allowed DSPs to identify duplicate bids and accordingly optimize their settings (a part of SPO). So, if the impressions from different SSPs with the same TIDs were presented to a DSP, it would deduplicate the bids and move forward accordingly.
However, this arrangement has changed. What’s different now is that if TIDs are switched on, each SSP receives its own separate TIDs, rather than impressions getting a single universal value. The universal ID option has been removed altogether.
At present, this update applies only to Prebid.js (client-side header bidding). A comparable change for Prebid Server would be required to bring the same approach server-side.
4 Reasons Behind Prebid’s Transaction ID Changes
This adjustment was prompted by publisher concerns around privacy, data leakage, and revenue effect. The reasons include:
1. Revenue Impact (Yield Protection)
One of the main drivers behind this change is yield protection. When a single transaction ID is used for each impression, buyers can piece together a publisher’s supply paths and spot any pricing differences between exchanges.
And once the DSP spots the price disparity, it automatically routes the bid towards the path with lower fees. This threatens publisher revenue by pressuring CPMs down. As several publishing leaders have pointed out, sharing TIDs can expose “floor prices and deal terms,” enabling buyers to target the cheapest option and ultimately compressing yield.
By assigning distinct TIDs to each SSP, Prebid limits this kind of supply path mapping, helping sustain competition among bids and protect publisher margins.
2. User Privacy
A universal transaction ID can serve as a digital breadcrumb, which the AdTech vendors can use to stitch together data about a single impression across multiple platforms. The concern is that even if the particular user’s data were removed from the bid request, the vendor could still utilize the shared TID for data reconstruction without consent.
With privacy concerns growing and laws tightening, publishers worry that a common TID could facilitate cross-platform tracking that’s approved by neither users nor regulators.
3. Data Leakage and Exploitation
In the worst-case scenario, a shared transaction ID could allow malicious players to collect bid request data from various sources and repackage the information for their own profit. For example, someone could extract detailed log-level auction records, reconstruct the full impression history on an independent platform, and sell access to advertisers without the publisher’s knowledge.
This exposes a significant risk: publishers’ audience data and inventory insights could be monetized by outside parties without consent or compensation, undermining both control and potential revenue.
4. Contract Compliance
Many publishers have strict agreements with their partners and data providers specifying exactly who can access sensitive data, such as information from logged-in users or private deals. A shared transaction ID risks breaching those terms by allowing unauthorized aggregation of data across platforms.
This can, in turn, expose restricted data to parties without contractual permission. Making TIDs unique to each partner ensures that data intended for one SSP is not easily connected with data in another, thereby upholding publishers’ contracts.
How Did the Industry React to Prebid’s Transaction ID Changes?
Not all players are satisfied with the changes, as it gives the publishers an upper hand over advertisers in the ad supply chain.
1. IAB Tech Lab
The IAB Tech Lab, which oversees the OpenRTB specification, has objected to Prebid’s unilateral changes to the transaction ID standard. According to IAB, OpenRTB explicitly requires that a common transaction ID be used across all bid requests for an auction.
It has been argued that Prebid’s new approach “materially violates the OpenRTB specification” and cautioned that it “risks undermining the integrity and consistency of open technical standards… critical to interoperability”. As per them, the shared TID is a foundational element that ensures alignment among the AdTech players.
Altering this foundation without an industry-wide consensus could fragment the programmatic ecosystem. This would make it much harder for the demand-side and supply-side platforms to operate in tandem.
2. AdTech Community
The industry reaction has been divided. Many on the buyer side are worried that losing a universal transaction ID would make detecting duplicate bids troublesome. This could result in inefficiencies such as cross-bidding, leading to wasted ad spend and artificially inflating the CPMs without adding real value.
Some have even argued that the change would encourage questionable practices by allowing publishers or SSPs to insert more duplicate bid requests into the system and increase competition for the same inventory.
3. Publishers
On the flip side, most publishers and their advocates have supported the shift as excessive transparency was making the ad supply chain in favor of the buy-side. By narrowing the scope of TIDs, publishers reclaim more control over their auction data. They can avoid situations where a DSP persuades an advertiser to drop direct deals in favor of cheaper open exchange buys.
Impression-based TIDs could be stitched across SSPs like a device graph – revealing the origin, floor prices, and even the deal terms. The buyer side could exploit this knowledge to gain leverage. Hence, introducing some opacity helps shield publishers’ yield and respect their privacy/contractual boundaries, while maintaining enough transparency for deduplication through other means.
What Publishers Should Do Now?
Here’s what the publishers and the AdOps team should do now:
- Understand that TIDs are off by default. Turning them on is a deliberate decision balancing data utility with privacy and revenue risk.
- Review and understand the Prebid.js versions and module updates carefully before upgrading. Modules have been added, removed, or replaced, with implications on build configuration.
- Join Prebid’s Publisher PMC or community forums (like on Slack) to provide feedback and stay informed on evolving governance and standards.
- Run tests to understand how changes to TID handling will affect the auction dynamics and revenue in your own setup.
- Evaluate your contractual arrangements and privacy compliance frameworks with partners in light of these changes.
- Stay aware of new Prebid features like activity controls and the standalone size mapping module to optimize safely.
