This is not an article about fillings for a chocolate chip biscuit - sorry if you were mistaken. When we talk about a cookie here, we are referring to a small code, or script, that can be used by websites to store your information.
Basically, a cookie is usually used to store information - like a site visitor’s login details or search preference. There are more malevolent tricks that can be employed by cookies, or rather by the people that design and then use them, and cookie stuffing is certainly in the running for the title of ‘Blackhat Champion’.
This article does not condone this practice; it is frowned upon by most affiliate networks and will get the offender banned if caught. If you decide to implement anything you read in this article you do so at your own risk!
This is a method of forcing a cookie onto a user’s computer. The cookie in question will be an affiliate link and the trick is to sneak it onto a visitor’s computer, or ‘stuff’ it on there, without them realizing.
When you sign up to promote an affiliate program you will receive an affiliate link. Whenever anyone clicks on this special link a cookie is placed on their computer. This is so the affiliate merchant will know that they have come from your site, or affiliate link, and you will be credited with any purchase they make and earn your commission. In this case, the cookie is simply a tracking method.
If you are promoting an affiliate product i.e. you hope to earn commission by encouraging someone to buy the product you recommend, you want to ensure that your visitor uses your affiliate link to then go to the merchants order page. Then if they purchase the product you will earn your commission.
The problem is that people are not always that kind.
Some people will resent handing you any commission, or simply distrust affiliate looking links. After reading your pitch or recommendation, instead of clicking your link to go to the order page they will bypass your link, type the product URL into their browser address bar and go to the supplier directly. The end result is that you lose your commission.
By adopting the cookie stuffing approach even if the visitor does bypass your affiliate link, your link was instantly installed on their computer the second they visited your page. This means that if they then order the product the supplier’s page will see your cookie on their computer and simply assume that they were referred by via that link and you still get your commission.
Cookie stuffing can be performed in a few different ways but they are all based around the same principle. Sneaking an affiliate link onto a visitor’s computer unnoticed.
Today, with social media and other factors, Google is able to distinguish what's bad and what's good. While the search engines can't read your content, it can do a good job picking up other signals. For example, if your bounce rate is too high or a user clicks away from your search result too fast, it could be a sign your content is poor.
There are 3 main methods of the cookie stuff, these are:
This first example, image stuffing, is probably the easiest and most common version – it is also the version that is easiest to spot and get you banned.
This method involves replacing an image source code with an affiliate link. Normally, in a websites HTML an image would be displayed by using:
If you were to try to view the image on your website all you would now see was a little white box containing a red X. You have removed the location, or source, of the image and therefore it cannot be found.
What happens instead is that when a visitor opens up your webpage, your page will attempt to load your affiliate URL onto their computer instead of the image.
How many times have you seen a red X on a website and just thought that it was a problem with the image? Most people do assume this and will never suspect a thing. However, be warned that any affiliate manager or merchant that sees this will probably suspect a rouse and you will probably be banned.
The IFrame method involves adding this code into your webpage HTML code:
What this does is create a tiny 1 pixel x 1 pixel iframe on your page that is barely noticeable to most people. The chances are that anyone that does see it will merely assume that it is a glitch.
This code does the same as the image stuff and loads your tracking cookie onto a visitor’s computer whenever they load your webpage.
This method is more secure and very safe compared to the previous two and involves adding some code into a .htaccess file.
.htaccess is a file that’s hidden in a website. This file can be in the main directory where index.html resides, in a subdomain, or a in a folder within the main directory.
The first step is to create a .htaccess file from a notepad text file, then place this code inside the .htaccess file:
RewriteRule signature.jpg http://www.affiliatelinkhere.com/ [L,R=301]
The signature.jpg is what will use on the website as the decoy image. This can be whatever you choose to call it, signature.jpg is just an example. When the visitor’s computer tries to load this signature.jpg file, it would be stuffed with the affiliate link.
For example, if a fake image file was placed on a website as say, yourdomain.com/signature.jpg then any visitor will be stuffed with the affiliate link. This is because when .htaccess reads this file, it does not load the image, but the affiliate link.
The final step is to copy and paste the code onto a text file, and save it as “.htaccess”. Simply, upload this file onto the directory of your website, and you will be able to stuff whatever signature.jpg is with an affiliate link.
The advantage with this method is that any affiliate link is hidden deep inside a website directory and is not visible to a visitor. Even if the cookie stuff was a fake image placed on a blog or forum, the broken image would look just like a plain old broken image to the webmaster because of there would be no affiliate link in the image file path. All the owner would see is a “/signature.jpg” and that looks like a genuine file path for an image link.
So that is cookie stuffing. Is it ethical? No. In most cases it is used to dupe visitors and to make undeserved commission from unsuspecting buyers.
There are instances when cookie stuffing is not used for malevolence but for protecting a sale or standing a greater chance of making a sale - for instance, using the technique to hide an affiliate link.
But this is a blackhat technique; in fact it is possibly the most blackhat technique available and is spoken of in hushed whispers even within the underground fraternity. It is a method that can have severe repercussions for anyone discovered using it and there are many cases where people have been sued or even had a jail term imposed.
This guide was intended to inform and educate you about the fact that cookie stuffing does exist and to explain how the technique is performed. Using the technique is not encouraged but hopefully, by reading this you will be better prepared to spot any potential cookie stuff and arm yourself against any potential malicious intent.