Cookie-Stuffing Targeting travelocity.com
Cookie-Stuffing Targeting Major Affiliate
Merchants - Ben Edelman
This page reports cookie-stuffing by couponmountain.com, targeting travelocity.com.
As of November 8, the http://www.couponmountain.com/frame.php?p=63466&c=211 page was #13 in Google results for "travelocity coupon" (without quotes). Along with a HTML TITLE tag and a META DESCRIPTION tag, the specified URL included the following JavaScript redirect:
<script language="JavaScript">
<!--
window.open('/popup.php?p=63466&FIRST=1','popupWin','width=375,height=173,resizable=yes,scrolbars=yes');
window.location.href = '/redir.php?p=63466&f=yes&c=211&m=';
//-->
</script>
The /redir.php?p=63466&f=yes&c=211&m= URL then performed a HTTP 302 redirect to a CJ BFAST tracking link, as follows:
GET /redir.php?p=63466&f=yes&c=211&m= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel,
application/vnd.ms-powerpoint, application/msword, application/x-shockwave-flash,
*/*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
Host: www.couponmountain.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Tue, 09 Nov 2004 02:18:26 GMT
Server: Apache/2.0.52 (Unix) DAV/2 PHP/4.3.8
X-Powered-By: PHP/4.3.8
Location: http://service.bfast.com/bfast/click?bfmid=18566&sourceid=38256224&categoryid=1657081&bfinfo=1425151_s1
Content-Length: 0
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: text/html
The net effect is that when a user follows the Google search result, cookies are set automatically -- precisely the definition of cookie-stuffing. Had couponmountain.com wanted to use the intermediary /frame.php script to redirect to Travelocity, while avoiding the risk of cookie-stuffing, it would have needed to tell Google not to index its the frame.php page, e.g. using a META tag or a robots.txt file to that effect.
Note that while the /frame.php page opened a popup (the /popup.php?... URL referenced in the first HTML snippet above), the /frame.php page is actually a redirect to Travelocity. The filename notwithstanding, "frame.php" is not a bona fide frame that surrounds Travelocity content with couponmountain.com content.
The couponmountain.com redirect method causes the user's back button not to work properly. After clicking through the Google /frame.php link to couponmountain, and after being redirected to Travelocity, the user cannot press Back to return to Google results. Rather, pressing Back takes the user only as far back as the couponmountain redirect page, which immediately returns the user to Travelocity. (See video.) This method of redirects violates the W3C's Quality Assurance recommendation "Use standard redirects: don't break the back button!".
I captured the resulting on-screen display in a video (WindowsMedia format, view in Full Screen mode). I also preserved a full packet log of these findings.
In my testing, this is but one of many affiilate web sites targeting this and other merchants. For example, the #15 Google result for "travelocity coupon" is www.findsavings.com/Travelocity-Coupons.asp , which uses cookie stuffing precisely along the lines of that previously shown as to findsavings's targeting of Priceline and TigerDirect. The #17 Google result is www.consumernow.com/Travelocity_coupon , which uses cookie stuffing precisely along the lines of that shown as to consumernow's targeting of Toshiba, Netzero, JCWhitney, and DentalPlans. See also xpcoupons.com targeting Travelocity.