Cookie stuffing
(also cookie dropping)
Cookie stuffing definition
Cookie stuffing is a deceptive technique used in affiliate marketing that involves placing tracking cookies onto a device without the user’s knowledge or consent. Cookie stuffing is used to fraudulently earn commissions for user actions that were not influenced by the affiliate.
Cookie stuffing is considered a fraudulent practice that violates the terms of service of most affiliate marketing platforms. Affiliates that are discovered to use cookie stuffing often end up banned and blacklisted. In many jurisdictions, cookie stuffing also breaches consumer privacy laws because it involves tracking the user without authorization.
See also: cookie theft, persistent cookie, secure cookie, session cookie, tracking cookie, first-party cookie, third-party cookie
How cookie stuffing works
Cookie stuffing exploits the way web browsers handle cookies used in affiliate marketing. Whenever a user clicks on an affiliate link and makes a purchase on the merchant’s website, a unique tracking cookie is placed on their device to identify the affiliate responsible for later compensation.
However, in cookie stuffing, a malicious actor forces the user’s browser to download affiliate cookies without the user’s knowledge, aiming to fraudulently take credit for that user’s actions. Typically, this involves embedding hidden elements (such as iframes or images) within web pages to trigger requests to the affiliate’s tracking URLs or using malicious scripts to simulate user actions.
Harm caused by cookie stuffing
When the end results for user activity are tallied by the merchant, affiliates involved in cookie stuffing may be awarded commissions for actions that were not genuinely influenced by their promotional efforts. This can lead to an unfair distribution of revenue and undermine the integrity of affiliate marketing programs.