Cookie Stuffing Myths Busted: Everything You Need to Know about This Fraud Type

Most advertisers believe that cookie stuffing is an absolutely unique fraud phenomenon that cannot be beaten. Well, it’s not like they are 100% mistaken – this ad fraud is really hard to deal with. 

Cookie stuffing is omnipresent, but also obscure, which makes it extremely harmful. Luckily, ADEX has been fighting fraud for years, so we know a thing or two about cookie stuffing, as well. Spoiler: indeed, dealing with this trouble is not easy, but possible. 

The basics: what are cookies? 

Before we discuss the issue of cookie stuffing, let’s define what cookies are. Shortly, cookies are small text files stored on the user’s browser. Websites use them to record and retrieve data and therefore – track user behavior, save login information, and store other details to ensure convenient website usage.

In affiliate marketing, program owners use cookies to identify concrete customer activities and see which affiliate partners brought leads. 

Here is how it works. The visitor clicks an ad and gets to the advertiser’s landing page. At this moment, a cookie is attached to the customer’s browser and stays there to “fix” that this person visited the landing page by clicking the affiliate link. If the visitor makes a purchase or comes back within a required period of time, the affiliate partner gets a commission.

No wonder that ad fraudsters found a way to interrupt the process and rip off the benefits. 

What is cookie stuffing and how do fraudsters act?

Obviously, ad fraudsters aim to steal commissions for various users’ actions: registrations, deposits, subscriptions, etc. Fraudsters buy the cheapest possible traffic to actually stuff cookies and get money for fake user activity. Let’s discuss some schemes:

Hidden ads

The widespread scheme is directing users to web pages and showing hidden ads to them. Users have no idea that they actually visited this site, while the ads stay invisible (their size is as small as 1×1 pixels). Still, the impression is counted, but nobody has ever seen the actual content. Will this bring any conversions and profit? Absolutely not.

Device farms

Another common ad fraud phenomenon is device farms of infected smartphones, tablets, and computers. The malware gets access to user devices through applications or software and displays ads in the invisible window. Oftentimes, these are fake versions of well-known programs, like ad blockers – they do complete the required functions, but also stuff cookies. 

The infected devices belong to regular users, who don’t have an idea about the background processes. Their phones and laptops follow links and visit websites without appearing to do so. Just like with hidden ads, advertisers pay for user impressions, while their ads have never been seen. So the budget goes down the drain.


Not all cookie stuffing techniques are invisible – some fraudsters use pop-up extension tools filled with cookie stuffing code and users actually see them. Not only do they see such notifications, but also click them.

In turn, the extension adds affiliate link cookies into their browsers. Logically, the pop-ups are not connected with the initial affiliate program, so the advertisers invest money and get nothing. 

Broken images

Broken images cookie stuffing must be one of the easiest and cheapest ways for criminals to add cookies into users’ browsers without being noticed. Affiliate fraudsters usually use affiliate links as the image source and place that image on a website. The image won’t be loaded properly, but the browser will try to follow the link, which entails cookie exchange.

Being a pretty simple way to drop cookies, this strategy allows fraudsters to cover large amounts of organic traffic. This technique is widespread around forums and large online shops like Amazon or eBay. Fraudsters create pages on these platforms and add affiliate link images to force cookie dropping on users’ devices. 

This happens when visitors simply open the page, view ads, or click the promotional offers. This way, every purchase or other targeted action is credited to a cheater. 


Another way to drop cookies secretly is JavaScript cookie stuffing. JavaScript is used by fraudsters to enforce user redirection to a different page. While the additional redirection happens, cookie exchange happens too fast, so that users cannot notice anything. 


Fraudsters use iframes to fit a separate HTML item into the website HTML. In most cases, the item is an ad placed on the page. This way, cheaters’ URLs are loaded on the visited web page, and the user’s device gets cookies while the website is loading. 

How does cookie stuffing affect campaigns regarding pricing models?

Cookie stuffing perfroms differently regarding the pricing model. Say, this is a rare thing for a CPC (cost per click) model. However, Revshare (revenue share) and CPA (cost per action) are pretty vulnerable for this type of ad fraud. The reason for their vulnerability is that both are connected with organic traffic theft. 

Hidden ads and device farms are used by fraudsters to actually steal a percentage from Revshare and get the CPA commission for an action, be it a registration, subscription, or survey. As we have already mentioned before, users’ devices run background processes, follow links, display invisible ads, and do other actions required in an affiliate program. 

Also, an extremely fruitful field for organic traffic theft is a model known as LPC (last paid click) also called Last Cookie Wins. In this attribution model, the fee for an action is credited to the paid source, the last in a chain of user journey, who clicked the required link before completing the required action. In case users came to your landing page themselves (without clicking any ads), but their cookies were stolen/changed by fraudsters, your organic traffic automatically turns into non-organic, and therefore – paid. 

What are the signs of cookie stuffing? 

Let’s see which signs are suspicious and may point to cookie stuffing: 

  • Traffic bounce

One of the main signs of cookie stuffing is the abnormal traffic growth on one of the landing pages. Using statistics, you may notice that some webmaster or CPA network sends a huge amount of users, but they never visit any other pages of your website.  One of the likeliest reasons for that is cookie stuffing technique that enforces hidden ads and other background processes.

  • Unrealistic conversion rates

Whenever the stats show too high or too low conversion rates, this might be connected with cookie stuffing. For high rates, we can suggest that fraudsters drop cookies into visitors’ browsers. If the traffic is high, but the conversion rate is low, this could be a sign that an affiliate is dropping cookies randomly all over the place, hoping that users will finally reach the advertiser’s landing page. 

  • Redirect pages

Redirects might be used as a simple way to stuff cookies. Before being directed to an advertiser’s landing page, users are sent to another page for a tiny second, but this is enough to drop cookies into their browsers. Luckily, such pages can be detected in your website stats. 

Cookie stuffing seems to be a real nightmare of the marketing world. However, even though some advertisers perceive this issue as something impossible to beat, ADEX is here to bust that myth. Read on to see how we deal with fraudsters.

How does ADEX save your website from cookie stuffing? 

ADEX deals with all kinds of ad fraud, including cookie stuffing. We provide a pack of features for fraud detection and prevention, so whenever you pour your traffic through ADEX, you can rest assured that fraudsters won’t have any chance to harm your budget and brand performance. 

To beat cookie stuffing, you need basic anti-fraud features present in the ADEX platform. The only thing you have to do is to set ADEX on all of your landing pages and cover the entire paid traffic volume you have. Please mind that in case of cookie stuffing, it is important to have all of your pages under ADEX protection – this is the only way to keep them away from cheaters.

If you have some questions about cookie stuffing and want to keep your traffic neat and clean, then contact us and join ADEX today! We can help you deal with any type of ad fraud.

    Get a quote

    Your company is a...

    Our representative will be in touch with you within 1 business day