Cookie stuffing

Cookie stuffing (also cookie dropping) is a blackhat[neutrality is disputed] online marketing technique used to generate illegitimate[neutrality is disputed] affiliate sales. Cookie stuffing occurs when a user visits a website, and as a result of that visit receives a third-party cookie from an entirely different website (the target affiliate website), usually without the user being aware of it.[1] When (if) the user visits the target website and completes a qualifying transaction, the cookie stuffer is paid a commission. Depending on the terms of the affiliate agreement a qualifying transaction may refer to creating an account, making a purchase, completing an application (loan, credit, etc.), or subscribing to a newsletter.



Websites that run an affiliate program, pay a commission to affiliates for introducing visitors who then complete one or more qualifying transactions. Other website owners often join affiliate programs to earn the commission, usually by simply sending visitors to the site running the affiliate program via a special link or advertisement. When the user clicks this special link, a single cookie is usually placed on a user's computer; this is not cookie stuffing. This is considered normal practice and is how affiliate marketers generate genuine income. By definition, cookies can only be considered to be stuffed when one or more is placed on a user's computer purely as a result of viewing a page or more than one is added at a time as a result of a single click. Taken to the extreme dozens of cookies can be stuffed in a scattergun approach in the hope that the user will visit one of the several target affiliate sites and complete a qualifying transaction.

Cookie stuffing is often referred[by whom?] to as a blackhat online marketing technique. This not only has the potential to generate fraudulent affiliate income for the cookie stuffer, but may also overwrite legitimate affiliate cookies, essentially stealing the commission from another affiliate. It is perfectly normal[original research?] for a user to visit a website, click on a link and be directed to a target affiliate site but not complete a qualifying transaction at that time. That user may revisit the target affiliate website at some later time and complete a qualifying transaction. The original referring affiliate would be credited with the transaction and make a commission.

The problem occurs when a cookie stuffing site stuffs all its visitors with a batch of cookies in a scattergun approach. The genuine affiliate cookie may get overwritten and when the user visits the target affiliate site and completes a qualifying transaction, the cookie stuffer gets the credit instead of the original affiliate who had brought about the first genuine visit to the target site.

User-generated content

Operators of websites that allow user-generated content, such as forums that allow users to post content, should be aware of the various cookie stuffing techniques, and how to combat them, in order to protect their visitors from this type of activity. Cookie stuffing can be accomplished with something as simple as including an image in a forum post or signature. The image link is compromised on purpose by the cookie stuffer and made to simulate a click by forum visitors on an affiliate link.


Techniques used to accomplish cookie stuffing are very similar to those used in cross-site request forgery (CSRF) attacks.


Pop-ups are actually a method of cookie stuffing accepted by most affiliate networks. The pop-up gets the website visitor to visit your site and of course gives them an affiliate cookie. The most common place to find this happening is on review sites where the affiliate “reviews” a product. Companies pay a commission for customers that were interested in their product, but still wanted more information before purchasing. This is probably the most innocent form of cookie stuffing, but is still stuffing none-the-less. This method can be defeated by utilizing pop-up blocking software.

Frames and Iframes

Iframes are a way of embedding a page within a page. A webmaster embeds a web page with one simple line of code. The affiliate embeds an I-Frame onto their page that loads their affiliate URL. Frames work in a similar fashion.


The "IMG" HTML tag forces a browser to attempt to retrieve an image at any URL. It doesn’t matter if the URL supplied doesn't have an extension like ".jpg", ".gif", or ".png" at the end. For instance, "img src=" would actually get anyone that visits that page to send a visit to Google. Affiliate links can be put in directly or by creating a redirect in their .htaccess. This is how affiliates cookie stuff user content


JavaScript can be used to force a user to visit any URL where the end result is visiting the affiliate URL.


Cascading Style Sheets define how a web page will be displayed. They are retrieved just like an image would be – the browser is instructed to visit a URL. The affiliate could put the direct affiliate URL into the style sheet as an image and have it loaded that way. This is one of the harder methods to detect.


Adobe Flash is commonly used to create interactive media on the web, and contains functionality which allows developers to force a website user to visit an affiliate link while removing or spoofing the referrer information so that the affiliate network won't know where the traffic came from. A common tactic is to have the spoofed referring site be a legitimate or white hat affiliate site to mask the fact that cookie stuffing is being carried out.

See also


Wikimedia Foundation. 2010.

Look at other dictionaries:

  • Spamdexing — For spam on Wikipedia, see Wikipedia:Spam and Wikipedia:WikiProject Spam. In computing, spamdexing (also known as search spam, search engine spam, web spam or Search Engine Poisoning)[1] is the deliberate manipulation of search engine indexes. It …   Wikipedia

  • Affiliate marketing — Internet marketing Display advertising Email marketing E mail marketing software Interactive advertising …   Wikipedia

  • Shawn Hogan — This article is about the American businessman. For the Canadian singer songwriter, see Sean Hogan. Shawn Hogan in 2006. Shawn D. Hogan (born September 1, 1975) is the founder and CEO of Digital Point Solutions, a San Diego based business… …   Wikipedia

  • Streit's — Infobox Company name = Aron Streit, Inc. type = Private genre = foundation = New York City, U.S. (1916) founder = Aron Streit location city = New York City location country = United States location = locations = area served = United States Other… …   Wikipedia

  • Melonpan — Typical Japanese melonpan Homemade melon buns …   Wikipedia

  • List of Friday characters — This list is incomplete; you can help by expanding it. The following are major and minor characters who appeared in Friday, Next Friday, Friday After Next, and the upcoming Last Friday. Contents: 0–9 A B C D E …   Wikipedia

  • Iranian cuisine — Persian Arts Visual Arts Painting …   Wikipedia

  • McDonald's Thanksgiving Parade — The McDonald s Thanksgiving Parade, Chicago s Grand Holiday Tradition, is an annual parade produced and presented by the Chicago Festival Association (CFA). It is held on State Street in downtown Chicago, Illinois, every Thanksgiving morning… …   Wikipedia

  • Glossary of baseball (C) — Contents 1 Cactus League 2 caddy 3 called shot 4 called up …   Wikipedia

  • Drogenjargon — Jede Subkultur hat ihre eigene Sprache.[1] In der Drogenszene hat sich über Jahre eine eigene Szenesprache entwickelt. Die Szene bzw. Straßensprache ergänzt bzw. ersetzt im Drogenmilieu die Umgangssprache. Mittlerweile ist in diese Terminologie… …   Deutsch Wikipedia

Share the article and excerpts

Direct link
Do a right-click on the link above
and select “Copy Link”

We are using cookies for the best presentation of our site. Continuing to use this site, you agree with this.