World Library  
Flag as Inappropriate
Email this Article

Cookie stuffing

Article Id: WHEBN0019124983
Reproduction Date:

Title: Cookie stuffing  
Author: World Heritage Encyclopedia
Language: English
Subject: Spamdexing, Affiliate marketing
Publisher: World Heritage Encyclopedia

Cookie stuffing

Cookie stuffing (also cookie dropping) is a black hat[neutrality is disputed] online marketing technique used to generate illegitimate[neutrality is disputed] affiliate sales. Cookie stuffing occurs when a user visits a website, and as a result of that visit receives a third-party cookie from an entirely different website (the target affiliate website), usually without the user being aware of it.[1] When (if) the user visits the target website and completes a qualifying transaction, the cookie stuffer is paid a commission. Depending on the terms of the affiliate agreement a qualifying transaction may refer to creating an account, making a purchase, completing an application (loan, credit, etc.), or subscribing to a newsletter.


Websites that run an affiliate program, pay a commission to affiliates for introducing visitors who then complete one or more qualifying transactions. Other website owners often join affiliate programs to earn the commission, usually by simply sending visitors to the site running the affiliate program via a special link or advertisement. When the user clicks this special link, a single cookie is usually placed on a user's computer; this is not cookie stuffing. This is considered normal practice and is how affiliate marketers generate genuine income. By definition, cookies can only be considered to be stuffed when one or more is placed on a user's computer purely as a result of viewing a page or more than one is added at a time as a result of a single click. Taken to the extreme dozens of cookies can be stuffed in a scattergun approach in the hope that the user will visit one of the several target affiliate sites and complete a qualifying transaction.

Cookie stuffing is often referred[by whom?] to as a blackhat online marketing technique. This not only has the potential to generate fraudulent affiliate income for the cookie stuffer, but may also overwrite legitimate affiliate cookies, essentially stealing the commission from another affiliate. It is perfectly normal[original research?] for a user to visit a website, click on a link and be directed to a target affiliate site but not complete a qualifying transaction at that time. That user may revisit the target affiliate website at some later time and complete a qualifying transaction. The original referring affiliate would be credited with the transaction and make a commission. However, many affiliate programs award the commission to the most recent referring affiliate, not the original referring affiliate.

The problem occurs when a cookie stuffing site stuffs all its visitors with a batch of cookies in a scattergun approach. The genuine affiliate cookie may get overwritten and when the user visits the target affiliate site and completes a qualifying transaction, the cookie stuffer gets the credit instead of the original affiliate who had brought about the first genuine visit to the target site.

User-generated content

Operators of websites that allow user-generated content, such as forums that allow users to post content, should be aware of the various cookie stuffing techniques, and how to combat them, in order to protect their visitors from this type of activity. Cookie stuffing can be accomplished with something as simple as including an image in a forum post or signature. The image link is compromised on purpose by the cookie stuffer and made to simulate a click by forum visitors on an affiliate link.


Techniques used to accomplish cookie stuffing are very similar to those used in cross-site request forgery (CSRF) attacks.


Pop-ups are actually a method of cookie stuffing accepted by most affiliate networks. The pop-up gets the website visitor to visit your site and of course gives them an affiliate cookie. The most common place to find this happening is on review sites where the affiliate “reviews” a product. Companies pay a commission for customers that were interested in their product, but still wanted more information before purchasing. This is probably the most innocent form of cookie stuffing, but is still stuffing none-the-less. This method can be defeated by utilizing pop-up blocking software.

Frames and Iframes

Iframes are a way of embedding a page within a page. A webmaster embeds a web page with one simple line of code. The affiliate embeds an I-Frame onto their page that loads their affiliate URL. Frames work in a similar fashion.


The "IMG" HTML tag forces a browser to attempt to retrieve an image at any URL. It doesn’t matter if the URL supplied doesn't have an extension like ".jpg", ".gif", or ".png" at the end. For instance, "img src=.htaccess. This is how affiliates cookie stuff user content


JavaScript can be used to force a user to visit any URL where the end result is visiting the affiliate URL.


Cascading Style Sheets define how a web page will be displayed. They are retrieved just like an image would be – the browser is instructed to visit a URL. The affiliate could put the direct affiliate URL into the style sheet as an image and have it loaded that way. This is one of the harder methods to detect.


Adobe Flash is commonly used to create interactive media on the web, and contains functionality which allows developers to force a website user to visit an affiliate link while removing or spoofing the referrer information so that the affiliate network won't know where the traffic came from. A common tactic is to have the spoofed referring site be a legitimate or white hat affiliate site to mask the fact that cookie stuffing is being carried out.

See also


This article was sourced from Creative Commons Attribution-ShareAlike License; additional terms may apply. World Heritage Encyclopedia content is assembled from numerous content providers, Open Access Publishing, and in compliance with The Fair Access to Science and Technology Research Act (FASTR), Wikimedia Foundation, Inc., Public Library of Science, The Encyclopedia of Life, Open Book Publishers (OBP), PubMed, U.S. National Library of Medicine, National Center for Biotechnology Information, U.S. National Library of Medicine, National Institutes of Health (NIH), U.S. Department of Health & Human Services, and, which sources content from all federal, state, local, tribal, and territorial government publication portals (.gov, .mil, .edu). Funding for and content contributors is made possible from the U.S. Congress, E-Government Act of 2002.
Crowd sourced content that is contributed to World Heritage Encyclopedia is peer reviewed and edited by our editorial staff to ensure quality scholarly research articles.
By using this site, you agree to the Terms of Use and Privacy Policy. World Heritage Encyclopedia™ is a registered trademark of the World Public Library Association, a non-profit organization.

Copyright © World Library Foundation. All rights reserved. eBooks from Project Gutenberg are sponsored by the World Library Foundation,
a 501c(4) Member's Support Non-Profit Organization, and is NOT affiliated with any governmental agency or department.