Cookie-Stuffing Targeting
Cookie-Stuffing Targeting Major Affiliate Merchants - Ben Edelman

This page reports cookie-stuffing by, targeting

As of November 8, the page included an IMG (image) tags that, in its SRC ("source") tag, referenced a Commission Junction tracking link. See the following IMG code, taken directly from the page's HTML code.

<img align='right' src=''>

As my ordinary Internet Explorer browser loaded this page (i.e. without me clicking on the image or on any other part of the coupon-monkey web page), my browser requested the /click-... link from Commission Junction. The CJ /click link returns a series of redirects that ultimately take the user to a landing page. Internet Explorer requests these redirects notwithstanding that the /click link originates in an IMG tag -- a HTML construct capable only of showing an image, and incapable of showing a full web page of the sort ultimately returned by /click links. Furthermore, Internet Explorer sets cookies as instructed by the Set-Cookie headers in the various CJ redirects. As a result, notwithstanding that the CJ tracking link has been placed in an IMG tag rather than, e.g., in an IFRAME, the IMG tag is nonetheless successful at cookie-stuffing, and at setting tracking codes such that a user's ultimate signup with will cause commission to be paid to

No other link, IMG tag, or other HTML element on this page includes any CJ /click link.

I captured the resulting on-screen display in a video (WindowsMedia format, view in Full Screen mode). I also preserved a full packet log of these findings and a full listing of the resulting cookies files.

Update (March 2005): Staff from recently wrote to me to represent that their reference to a CJ /CLICK link within an IMG tag was an error. Coupon-monkey staff say they intend to follow all applicable CJ rules, and they say this error was corrected when brought to their attention. Reviewing other pages on the Coupon-monkey site, I see no other pages currently using the IMG-based cookie-stuffing method, nor any other cookie-stuffing method, and Coupon-monkey's statement of the sequence events leading to the error (a copy-and-paste into the wrong field) seems credible and believable under the circumstances. I therefore tend to credit Coupon-monkey's claim that the cookie-stuffing at issue was unintentional.

In my testing, this is but one of many affiilate web sites targeting this and other merchants. For example, the #1 Google result for "globat coupon" is , which uses cookie stuffing precisely along the lines of that shown as to consumernow's targeting of Toshiba, Netzero, JCWhitney, and DentalPlans.