Where CTV Ad Revenue Leaks: Protocol, Infrastructure, and Standards Failures

The market got big. The plumbing did not keep up.

US connected TV is no longer the upstart line item. The IAB projects that US digital video ad spend will pass $80 billion in 2026, growing faster than the ad market overall and crossing 60% of all TV and video budgets for the first time. Inside that total, the IAB's 2026 forecast puts CTV growth at 13.8% while linear TV slips 1.7%. The budget is moving to streaming, and it is moving fast.

The delivery stack underneath it did not scale as cleanly. A CTV impression is the end of a long chain: a request, one or more wrapper redirects, a VAST response, a media file, verification and measurement code, all of it resolving on a living-room device with a thin runtime and an impatient viewer. Every link in that chain is a place where money stops being working media.

The losses sort into three buckets. Protocol failures, where the ad tag itself is malformed or non-conforming. Infrastructure failures, where latency and redirect depth eat the impression before it renders. And non-compliance with standards, where the impression serves but cannot be measured, verified, or trusted. The first two are mostly preventable before launch. The third is what makes the whole market discount the inventory.

The macro number nobody wants to own

Start with the size of the leak, because it sets the stakes. The ANA's Programmatic Media Supply Chain Transparency Study found that of every dollar entering a demand-side platform, only about 36 cents reaches a consumer in working media. The study put roughly a quarter of open-web programmatic spend, around $22 billion a year, into the wasteful or unproductive column.

Fraud is its own slice of that. Juniper Research estimated $84 billion lost to ad fraud in 2023, about 22% of global digital ad spend, and projected it would rise toward $172 billion by 2028. CTV is now a prime target: Pixalate measured a 19% invalid-traffic rate for US connected TV in Q4 2025, and DoubleVerify reported that bots accounted for 65% of all CTV fraud, a higher share than any other channel.

Those are macro numbers, and not all of them are something a single ad-ops team can fix. But they describe the discount the market applies to inventory it cannot trust. The practical question for anyone shipping tags is narrower and more actionable: which of these losses are sitting in your own delivery path before the campaign even launches?

Protocol: the tag is broken before it serves

A VAST tag is a contract. The IAB specification says an InLine ad carries at least one Impression, that a MediaFile declares a delivery type and bitrate, that a Duration is present and well-formed, that wrapper chains terminate in real creative. A tag can violate any of those and still be valid XML that parses cleanly. It loads, and it is wrong.

When that happens on a player, it does not fail silently in the abstract. It fails with a code. VAST error 301 fires when a redirect does not return a valid response inside the timeout. Error 302 fires when the wrapper limit is reached. Those codes exist precisely because malformed and non-conforming tags are a leading cause of an ad slot going dark, and the slot going dark is revenue that was sold and not delivered.

The protocol surface is also a moving target across versions. VPAID, the old interactive and verification layer, ran arbitrary JavaScript inside the publisher's player. The IAB Tech Lab deprecated it in 2019 because it slowed page loads, opened a security and malware surface, and did not work on mobile or OTT. The replacement split the job into three conforming pieces: SIMID for interactivity, VAST for delivery, and OMID for verification. Tags that still lean on VPAID as a fallback, or that mix the layers incorrectly, are shipping a known-deprecated dependency into the exact environment, CTV, where it was never designed to run.

Protocol-level failures that quietly cost impressions

• Missing required fields: an InLine without an Impression, a Linear without a Duration, a Creative without a UniversalAdId in VAST 4.x.
• Malformed values: durations that do not match HH:MM:SS, MediaFile delivery types outside the allowed enum, URLs that are not valid URIs.
• Insecure resources: HTTP MediaFile or tracking URLs that get blocked by mixed-content policy on secure inventory, so the asset never loads and the beacon never fires.
• Deprecated dependencies: VPAID treated as a fallback instead of a migration to SIMID and OMID.
• Version drift: a tag that declares one VAST version but uses structures from another, so strict players reject it.

Infrastructure: latency and wrapper chains

Even a perfectly conforming tag loses money if it arrives too late. CTV viewers abandon quickly. A widely cited peer-reviewed study of 23 million video views (Krishnan and Sitaraman) found that viewers begin abandoning after about two seconds of startup delay, and that each additional second of delay raises the abandonment rate by roughly 5.8%. Time-to-first-frame is not a quality-of-experience nicety. It is a fill-and-completion lever.

Wrapper chains are where that latency accumulates. Each redirect is one more network dependency, one more timeout surface, one more place tracking can diverge from the final inline response. The VAST 4.2 specification recommends limiting a chain to five wrappers before an InLine response, after which a player may reject the rest of the chain. Players enforce their own timeouts well before that: the Google IMA SDK defaults to a five-second load timeout per wrapper. A chain that is technically legal can still blow the budget one hop at a time.

The reason this matters so much in CTV specifically is that the completion bar is high. FreeWheel's marketplace report puts long-form and CTV video completion around 95%. When nearly every successfully rendered ad runs to completion, the impressions you lose are almost entirely the ones that never rendered: the timeout, the dead redirect, the asset that loaded too slowly to count. The loss hides in the gap between ads requested and ads served, not in the completion rate you actually report.

Non-compliance: served, but unmeasurable

The third bucket is the one that depresses the price of the whole pool. An impression can render perfectly and still be worth less because no one can prove it happened the way the buyer needs.

Standardized measurement coverage is still partial on CTV. When the IAB Tech Lab extended the Open Measurement SDK to Samsung and LG in 2024, it described that as bringing OM SDK to about 40% of the CTV market, which means the majority of CTV was still outside the standard measurement path. DoubleVerify found that only half of CTV impressions offered full app-level transparency in 2024. Server-side ad insertion compounds this: because beacons fire from the server rather than the player, the MRC's SSAI and OTT guidance is explicit that viewability and interaction cannot be confirmed the way a client-side beacon confirms them, which is why client beacons are still recommended even under SSAI.

Put those together and a large share of CTV inventory is technically delivered but hard to verify, and unverifiable inventory trades at a discount. DoubleVerify's own framing is blunt: absent verification, more than one in four CTV impressions would fail to meet the minimum bar for fraud-free, viewable, brand-safe, brand-suitable delivery, and it estimates roughly $700,000 in wasted spend for every billion impressions when viewability protections are missing. Compliance with the measurement standards is not paperwork. It is what lets the impression be sold at full value.

What you actually control before launch

Two of the three buckets are addressable before a single impression serves, and they are the two that do not require a measurement contract or a fraud vendor to fix. The protocol bucket is deterministic: a tag either conforms to its declared VAST version or it does not, and that is checkable. The infrastructure bucket is mostly observable: wrapper depth, redirect timing, final media attributes, and insecure resources can all be inspected on the real chain before you traffic it.

The non-compliance bucket is partly yours too. You cannot single-handedly fix CTV measurement coverage, but you can make sure your tags carry conforming verification and interactivity layers, secure resources, and the required identifiers, so your inventory is on the right side of the line when measurement is available.

The point is to stop treating these as post-mortem categories. Underdelivery, low fill, and reporting disputes are usually the late symptoms of failures that were visible in the tag and the chain at launch time.

Where validation actually helps, and where it does not

Be honest about scope. A linter cannot recover money lost to bot fraud, cannot extend measurement coverage to a platform that lacks it, and cannot make a slow CDN fast. Those need verification vendors, measurement partners, and infrastructure work.

What a linter does is remove an entire class of loss deterministically: the malformed, non-conforming, insecure, or deprecated tag that was going to fail or go unmeasured before it ever left your hands. That is the protocol bucket in full and a meaningful part of the compliance bucket, checked in milliseconds against the published IAB specification, with a stable rule ID and a spec reference for every finding.

vastlint is built for exactly that floor: 187 rules across VAST 2.0 through 4.3 plus VMAP, DAAST, SIMID, and OMID, available as a CLI, as libraries, as a GitHub Action, as a hosted MCP server, and as a URL inspector that walks every wrapper hop on the live chain. It will not fix the parts of CTV economics that are genuinely someone else's problem. It will make sure none of your lost revenue is the kind you could have caught for free.