X-Adblock-Key
The HTTP X-Adblock-Key response header is an unofficial HTTP header used by websites participating in the Acceptable Ads program to signal ad blockers the site's advertising meets the program's standards.
Note
The "X-" naming convention for HTTP headers, "X" referring to "experimental", has been deprecated per RFC 6648.
Usage
Ad blockers like AdGuard and Adblock Plus maintain an Acceptable Ads program allowing non-intrusive advertising to pass through their filters. Sites joining the program receive a cryptographic key pair. The public key and a signature are embedded in the X-Adblock-Key response header, which the extension reads and verifies on each page load.
The verification process works by checking the signature against the
concatenation of the request URI, host, and User-Agent
string,
separated by NUL (\0) characters. When the signature is valid,
the extension recognizes the site as a participant and allows
acceptable ads to display. The header is set server-side, typically
through a middleware or CDN configuration supplied by the ad blocker
vendor.
The value format is two Base64-encoded strings joined by an underscore. The first string is the RSA public key and the second is the digital signature. Both are generated by the ad blocker program operator and assigned to the publisher.
Values
Public key and signature pair
The header value contains a Base64-encoded RSA public key, followed by an underscore, followed by a Base64-encoded signature.
X-Adblock-Key: [base64-public-key]_[base64-signature]
The public key identifies the publisher account within the Acceptable
Ads program. The signature is computed over the request URI, host,
and User-Agent string concatenated with NUL (\0) characters, and
is used by the browser extension to confirm the key matches the
request being made.
Example
A site participating in the Acceptable Ads program includes this header on every response. The first segment (before the underscore) is the RSA public key assigned to the publisher. The second segment is the signature, computed over the request URI, host, and User-Agent concatenated with NUL characters.
X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAN..._MoSSrRtMmKgs/Mrbk9BSK...
The extension verifies the signature at page load time. A passing verification causes acceptable ads on the page to be unblocked, while other ad requests remain filtered.
Takeaway
The X-Adblock-Key header is a publisher Authentication mechanism for the Acceptable Ads program. Sites include an RSA public key and signature in the header, allowing extensions like AdGuard and Adblock Plus to verify participation and permit non-intrusive ads.