Quick Answer: Cookie stuffing is a tactic used by rogue affiliate marketers that involves “secretly” dropping cookies onto a user’s device in an attempt to generate additional commissions. In this blog post, we’ll explain exactly how it works, if it’s effective & how you can prevent it from happening.
If you run an affiliate program, you’ll have no doubt heard the term cookie stuffing.
And if you’re an affiliate marketer that’s ever spent any amount of time looking for “hacky” ways to generate extra commissions, you’ll have no doubt heard about it too.
But what exactly is cookie stuffing? How does it work? Is it actually effective?
And most importantly, as an affiliate program manager, how can you prevent it from happening?
In this blog post, we’ll explain all that & more.
What Exactly Is Cookie Stuffing?
Cookie stuffing is an underhand or blackhat tactic that involves “secretly” dropping cookies on a user’s device in an attempt to generate affiliate commissions.
You see basically, many affiliate programs leverage something known as “cookies” to track affiliate sales.
These are small text files that are stored on a user’s device when they click an affiliate link & they store the unique ID of the affiliate that referred them.
Their purpose is to help track commissions back to the correct affiliate if a user happens to click on a link but then makes their purchase at a later date.
So the website that the user was referred to essentially looks for the cookie on their device on their next visit & if it’s found, the affiliate that sent the person there will earn a commission even though the sale happened at a later date from the original click.
Then once the sale is made & the commission is awarded, the cookie is deleted.
And this, as you can likely see, is all fair & well… But the problem comes when rogue affiliates try to drop these cookies on the devices of users that haven’t actually clicked their links, without them knowing.
This is known as cookie stuffing.
But how can they do that? Well, let’s take a look.
How Does Cookie Stuffing Work?
So, as you now know from reading the section above, cookie stuffing involves “secretly” dropping an affiliate tracking cookie on a user’s device in an attempt to essentially steal commissions.
But how does it work? How do they get the cookies onto the user’s devices?
Well, there are many different ways that they can go about but the most common method is through the use of something known as an iframe.
In short, an iframe is essentially a “window” through to another website, that can be placed on a web page.
So, for example, let’s say we have 2 websites;
- Website A is a popular blog that gets 1,000’s visitors per day
- Website B is Amazon
Website A could add an iframe to their page that loads up Amazon in a small window, inside the page.
At first, it seems quite harmless… But what if this popular blog decided to load up Amazon via their affiliate link in the iframe & also decided to hide the iframe from view (which is entirely possible)?
Well, they would now be cookie stuffing every user that visited their blog. So all of the users visiting website A would be getting a cookie dropped onto their device & then if they later happened to buy something from Amazon, the owner of website A would receive a commission… Even though they didn’t technically refer them.
Not good, right?
So, with that in mind, you can see why cookie stuffing is a massive affiliate marketing no-no` and why affiliate program managers would want to prevent it.
Because if they allowed cookie stuffing, they’d be paying out commissions on sales that would have happened anyway & this would end up costing them a fortune.
There is some good news for affiliate managers though, which brings me to my next point.
Does Cookie Stuffing Actually Work?
Yes & no. Once upon a time, cookie stuffing was very effective & it was a big problem for affiliate program managers. Now, cookie stuffing is MUCH less of an issue.
Why?
Well, mainly because of the main browsers (such as Chrome, Firefox & Edge) changing their approaches to privacy & rolling out updates that began blocking third-party cookies.
So whereas once upon a time, a cookie would have been set on your device from a website that was loaded in an iframe, nowadays that doesn’t happen as it’s classed as a third-party cookie & automatically gets blocked.
This, however, doesn’t mean that cookie stuffing is completely eradicated. It just means it’s much harder to “hide”.
For example, whilst a website may previously have been able to load their affiliate links in an iframe & hide it from plain sight, they’d now have to physically get the page to load in a popup window to effectively drop the cookie.
The good news?
Most popups are automatically blocked and if they aren’t, it’s pretty freaking obvious to affiliate program managers that the affiliate is cookie stuffing so they can quickly shut down their affiliate accounts.
Of course, there are still affiliates that attempt it… But in reality, the days of cookie stuffing are pretty much gone.
Still, there are some preventative measures you can take, so let’s take a look at them.
How Can You Prevent Cookie Stuffing?
The good news is that preventing & detecting cookie stuffing is pretty easy.
To prevent it, you should:
- Make sure affiliate links can’t be loaded in an iframe by setting an X-FRAME-OPTIONS header.
- Set appropriate cookie expiration dates (less lifetime = less chance of cookie stuffing success).
- Verify the traffic sources of affiliates when they submit an affiliate application.
And to detect it, you just need to look for excessively high clicks to conversion rates.
For example, if an affiliate in your program is generating tens of thousands of clicks but only getting 1 or 2 conversions then there is a high chance that that affiliate is leveraging cookie stuffing.
Of course, you don’t need to assume & ban them straight away, but that would be a good time to call for a manual review of their traffic sources (and their website’s source code).
Wrapping It Up
Realistically, cookie stuffing is an outdated method that rogue affiliates once used to try & generate extra commissions.
Sometimes it worked successfully (such as the case when 2 guys stole over $35m in commissions from eBay), other times it wasn’t so successful.
But nowadays, with enhanced privacy online & stricter cookie policies, it’s not too big of an issue.
And unless you’ve got a website that’s generating millions upon millions of impressions, cookie stuffing just isn’t going to convert effectively.
But if you do have a website with that many impressions, you’d be better off just doing affiliate marketing legitimately. Even without tricks, you can earn a heck of a lot of money with affiliate marketing.
And the good news is that if you’re interested, our free affiliate marketing course teaches you how.
In it, you’ll learn the ins & outs of affiliate marketing as well as how to make the most money possible so we’d certainly recommend that you check it out before you leave.
But overall, we hope that you found this post insightful & we hope it helped you to better understand what cookie stuffing is, how it works & to prevent it.
Please do also feel free to leave any additional comments below.