Cookie-Stuffing Targeting
Cookie-Stuffing Targeting Major Affiliate Merchants - Ben Edelman

This page reports cookie-stuffing by, targeting In my testing, this is but one of many affiilate web sites targeting this and other merchants.

As of November 4, the page was #53 in Google results for " coupon" (without quotes). The specified URL included multiple IMG (image) tags that, in their SRC ("source") tags reference Commission Junction tracking links. See the following example, repeated three times in the page's HTML code.

<IMG border='0' width='1' height='1' src=''>

The CJ /click link returns a series of redirects that ultimately take the user to a landing page. Internet Explorer requests these redirects notwithstanding that the /click link originates in an IMG tag -- a HTML construct capable only of showing an image, and incapable of showing a full web page of the sort ultimately returned by /click links. Furthermore, Internet Explorer sets cookies as instructed by the Set-Cookie headers in the various CJ redirects. As a result, notwithstanding that the CJ tracking link has been placed in an IMG tag rather than, e.g., in an IFRAME, the IMG tag is nonetheless successful at cookie-stuffing, and at setting tracking codes such that a user's ultimate signup with will cause commission to be paid to

Elsewhere in the page, the page correctly references CJ tracking links using A HREF (hyperlinks), and correctly references CJ image links using IMG SRC (image) tags.

I captured the resulting on-screen display in a video (WindowsMedia format, view in Full Screen mode). I also preserved a full packet log of these findings.