Post Bid SSP Macro Replacement: Spoofing Top Level Url #1227

@dchristian-ias

Assessment
Today, in a Protected Audience auction, the SSP has the ability to replace macros on the renderUrl of the winning ad via deprecatedReplaceInURN.

In order to preserve post-bid brand safety for advertisers, verification vendors will rely on the top level URL to be provided via this macro replacement mechanism on the winning ad’s renderUrl in order to have access to this value from within Fenced Frames.

When ads are delivered via cross domain iframes, verification vendors have the ability to check ancestorOrigins to verify that, at the very least, the domain of the page matches the top level URL provided by this macro replacement mechanism (this applies to both traditional ORTB/Contextual auctions as well as Protected Audience auctions).

Problem Statement
The introduction of Fenced Frames and the loss of the ancestorOrigins signal will prevent verification vendors from verifying the top-level URL provided by the SSP via macro replacement. This could lead to inaccurate post-bid brand safety and fraud detection results for advertisers.

Key Issues

1. Accuracy of Macro Replacement:

  • The reliability of the top-level URL provided by the SSP through macro replacement is not ensured, posing a risk of spoofing or manipulation.

2. Loss of Verification Signal:

  • The loss of ancestorOrigins in Fenced Frames creates a significant verification gap. Alternative methods need to be identified.

Questions

1. New Verification Mechanisms:

  • What mechanisms can Chrome introduce to allow verification vendors to verify the top-level URL within the Privacy Sandbox framework?

2. Alternative Signals:

  • Are there alternative data points or signals that can be used within Fenced Frames to ensure the accuracy of the SSP-provided top-level URL?
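The ancestorOrigins cross-check described under Assessment, and the gap described under Problem Statement, shown as an added example (not code from the issue author, Chrome, or any vendor). It assumes the Fenced Frame case appears to the script as an empty or missing ancestorOrigins list; the hostnames are constructed samples and `${TOP_URL}` is a hypothetical macro name.

```javascript
// Added example: classify the SSP-supplied top-level URL against ancestorOrigins.
// claimedTopUrl   - value the SSP substituted into the renderUrl macro.
// ancestorOrigins - location.ancestorOrigins (or an array copy of it); its last
//                   entry is the origin of the top-level page.
function checkClaimedTopUrl(claimedTopUrl, ancestorOrigins) {
  const result = (status, claimedOrigin, observedOrigin) =>
    ({ status, claimedOrigin, observedOrigin });

  // 1. The claim itself must be a well-formed http(s) URL. An unreplaced
  //    macro or an empty value fails here.
  let claimed;
  try {
    claimed = new URL(claimedTopUrl);
  } catch (e) {
    return result("invalid-claim", null, null);
  }
  if (claimed.protocol !== "https:" && claimed.protocol !== "http:") {
    return result("invalid-claim", null, null);
  }

  // 2. No ancestor list (assumed Fenced Frame behaviour): the claim cannot be
  //    checked, which is different from having been checked and passed.
  const n = ancestorOrigins ? ancestorOrigins.length : 0;
  if (n === 0) {
    return result("unverifiable", claimed.origin, null);
  }

  // 3. The top-level origin may be opaque ("null"), e.g. a sandboxed page.
  let observed;
  try {
    observed = new URL(ancestorOrigins[n - 1]).origin;
  } catch (e) {
    return result("unverifiable", claimed.origin, null);
  }

  // 4. Origin-level comparison only: path and query of the claim stay unverified.
  return result(claimed.origin === observed ? "match" : "mismatch",
                claimed.origin, observed);
}

// Constructed sample: ad nested in an ad-server iframe on news.example.
const sampleChain = ["https://adserver.example", "https://news.example"];
console.log(checkClaimedTopUrl("https://news.example/article?id=1", sampleChain));
console.log(checkClaimedTopUrl("https://premium.example/home", sampleChain));
console.log(checkClaimedTopUrl("https://premium.example/home", []));
```

Reporting "unverifiable" as its own outcome keeps measurement from counting an unchecked SSP claim as a verified one.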
