Fraud & Compliance
Cookie Stuffing
Dropping affiliate cookies without a genuine click to steal attribution credit.
Cookie stuffing is the practice of dropping affiliate tracking cookies on users' browsers without a genuine, intentional click — via hidden iframes, forced redirects, popunders, or injected scripts. When the user later converts organically or through another channel, the stuffer's cookie claims last-click attribution and collects the commission for a sale they never actually drove. It is fraud against both the advertiser and legitimate affiliates.
For media buyers, cookie stuffing matters in two ways: it can silently steal your attribution when a toolbar or rogue publisher overwrites your cookie downstream, and buying from sources that stuff will eventually get your account terminated with earnings confiscated. Programs with strong compliance teams cross-reference click timestamps against page engagement, so suspiciously high conversion rates with near-zero session depth are the classic tell they look for.
In buyer speech
“That publisher's EPC looks too good — zero time-on-site before conversion screams cookie stuffing, and I'm not risking our network account for it.”