Skip to content

Reading Affiliate Cookies

laptop and cookies

Chris Tradgett

Netscape Navigator

Little Known Fact on Affiliate Cookies

Cookies weren’t a part of the very earliest affiliate activity in the Prodigy network and Tobin’s PC Flowers & Gifts, which used tracking invented by Tobin. In 1994, Lou Montulli, a Netscape programmer created the cookie. Initially this was simply for checking whether visitors to the Netscape Web site had already visited the website. Internet Explorer 2 then included support for cookies and extended the adoption of cookie use. 

In these early days cookies were set by default, though they were subject of Federal Trade Commission hearings as far back as 1996 and 1997 following a Financial Times article about cookies. Since then, cookies have been a central part of any online browser activity. 

How Cookies are Set

As covered in the previous article, a cookie is set in a user’s browser whenever a user visits or revisits a website where a cookie has been accepted. James Breckenridge puts it this way “I like to think of cookies as memories shared between two parties, a client and a server. Without these memories, the two parties are essentially meeting for the first time (like Goldfish)”.

It will allow an advertiser to either set a cookie or read the tracking information if it is a subsequent visit within the cookie duration. 

Whitestuff cookie banner

There are of course significant differences between how this happens between First and Third Party cookies, which was covered in the previous article. We also hear a differentiation between  “session cookies” and “persistent cookies.” 

In reality there is little difference; session cookies are just a shorter time period, usually 30 minutes after the browser is closed.

As the name indicates, a session cookie is active for one browsing track information during a single sitting or browsing session. In affiliate marketing, there is of course also the nuance that a persistent cookie may have a time limitation after which it expires, which is a client-side method to implement the ‘cookie window’. In a javascript cookie, a w3schools article notes that it can be shown as:

document cookie code

The cookie window can also be applied to a referral by a publisher by checks within the affiliate network’s referral validation processes.

Reading Cookies

Browsers allowing 3rd party cookies

Some browsers (notably Chrome) still allow companies with code snippets on the page visited by the user (e.g. for Ad trackers or Facebook) to have access to their own cookies (specifically cookies associated with the domain of the code snippet) and read contents even though they are not the primary business owning the website visited. 

James adds that “the easiest way to describe 3rd party cookies is that you don’t specifically visit the website that they are set from. It’s more like someone overhearing your conversation with the person you are communicating with and storing it and using it with or without your consent at a later date”.

That of course will change with Chrome’s forthcoming deprecation of so called third party cookies in 2024.

Browsers refusing 3rd party cookies

There are also operating system factors that come into play. Apple has rejected all third party cookies in Safari under its Intelligent Tracking Prevention (“ITP”) back in June 2017, as this CNET article from 2020 covers. So any tracking that is still relying on third party cookies will not work on Safari. 

That means around 27% of all mobile tracking, on around 1.8 billion mobile devices. As Safari accounts for over 24% of the combined mobile and desktop browsers worldwide (June 2022), that means a very significant proportion of all online tracking is affected.  Read more in the analysis of First-party vs Third-Party Cookies.

ITP impacts First-party Cookies Too

Safari and ITP 2.2

In a 2019 blog post, Simon Fung outlined the Partnerize approach to ITP and the evolution of ITP to that date. One of the most important facts from an affiliate viewpoint is that it also impacts first-party cookies, ITP deprecates first-party client-side cookies created via ‘document.cookie’ after 7 days, affecting most cookie windows. ITP version 2.2 then changed it to just 24 hours.

The server approach is one that many tracking networks have taken and aims to overcome [this cookie window issue] that is present in Safari even with the first party cookie. Having said that, Partnerize reports that 89% of conversions happen within a 7-day period.  

Server Tracking

It’s a common misconception that server-to-server tracking works without using cookies. Awin gives a useful outline of this in their article on server to server tracking uses a first -party cookie. Moonpull founder Steve Brown talked through some of this in a recent appearance on the Awin podcast.

Their solution combines this with the browser-side tracking using Mastertag to provide a more robust and ‘future-proof’ option; as their article states, 12.6% more cookies were seen when server-to-server was implemented.

The affiliate networks sometimes use different names for their server tracking and it’s fair to say that almost every system operates slightly differently. Thus almost all networks permit advertisers to set and read the necessary first party cookie using server-side code.    

Linkconnector have used ‘Naked Links’ for over a decade which usually uses javascript code on the advertiser’s site. That also drives content link and tag management systems. 

TUNE talk about Postback tracking and have used server tracking since the days of HasOffers. It is important to understand the how and when the user’s browser is interacting with the advertiser’s servers (so called server tracking) and when the user’s browser is interacting with the advertiser’s website downloaded into their browser (so the code is on the client machine and any cookies are set by the client).

This table gives a very rough outline of how ITP affects affiliate tracking.

HTTP Header Set30 daysSession or S2S
HTTP Header Set (CNAME Cloaked)7 daysSome S2S (not all are equal)
Javascript – Clean7 daysGoogle Analytics
Javascript – Known Tracker1 dayAd Tracker


The bottom line of all this is that it is important for publishers to know if their links are actually tracked properly. Our recent analysis has shown that up to 15% of links are compromised in some way. Moonpull provides the clarity to understand that handover process and see where the issues are an more important, how to solve them.

This is, as you may see from this brief outline, a complex area which we will examine in more detail in the next article. 

Subscribe to stay up to date

Moonpull orbit

Leave your details here and we’ll make sure you receive newsletter updates as they are released.

Subscribe to the Newsletter