Cookie-Stuffing Targeting
Cookie-Stuffing Targeting Major Affiliate Merchants - Ben Edelman

This page reports cookie-stuffing by, targeting

As of November 8, the page was #13 in Google results for "travelocity coupon" (without quotes). Along with a HTML TITLE tag and a META DESCRIPTION tag, the specified URL included the following JavaScript redirect:

<script language="JavaScript">
window.location.href = '/redir.php?p=63466&f=yes&c=211&m=';

The /redir.php?p=63466&f=yes&c=211&m= URL then performed a HTTP 302 redirect to a CJ BFAST tracking link, as follows:

GET /redir.php?p=63466&f=yes&c=211&m= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/, application/, application/msword, application/x-shockwave-flash, */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Connection: Keep-Alive

HTTP/1.1 302 Found
Date: Tue, 09 Nov 2004 02:18:26 GMT
Server: Apache/2.0.52 (Unix) DAV/2 PHP/4.3.8
X-Powered-By: PHP/4.3.8
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html

The net effect is that when a user follows the Google search result, cookies are set automatically -- precisely the definition of cookie-stuffing. Had wanted to use the intermediary /frame.php script to redirect to Travelocity, while avoiding the risk of cookie-stuffing, it would have needed to tell Google not to index its the frame.php page, e.g. using a META tag or a robots.txt file to that effect.

Note that while the /frame.php page opened a popup (the /popup.php?... URL referenced in the first HTML snippet above), the /frame.php page is actually a redirect to Travelocity. The filename notwithstanding, "frame.php" is not a bona fide frame that surrounds Travelocity content with content.

The redirect method causes the user's back button not to work properly. After clicking through the Google /frame.php link to couponmountain, and after being redirected to Travelocity, the user cannot press Back to return to Google results. Rather, pressing Back takes the user only as far back as the couponmountain redirect page, which immediately returns the user to Travelocity. (See video.) This method of redirects violates the W3C's Quality Assurance recommendation "Use standard redirects: don't break the back button!".

I captured the resulting on-screen display in a video (WindowsMedia format, view in Full Screen mode). I also preserved a full packet log of these findings.

In my testing, this is but one of many affiilate web sites targeting this and other merchants. For example, the #15 Google result for "travelocity coupon" is , which uses cookie stuffing precisely along the lines of that previously shown as to findsavings's targeting of Priceline and TigerDirect. The #17 Google result is , which uses cookie stuffing precisely along the lines of that shown as to consumernow's targeting of Toshiba, Netzero, JCWhitney, and DentalPlans. See also targeting Travelocity.