Prevent affiliate networks from seeing your landing page (34)
SOLVED: Prevent affiliate networks from seeing your landing page in imobitrax
What are some ways to do this?
Besides double meta refresh, which leaks and slows load speed (bad for mobile).
I'm using imobitrax and right now, if someone types in my landing page URL + subid value (domain.com/landingpage.php?subid=12345), they can see the enitre landing page.
A piece of code that redirects/displays a blank page if the user didn't come directly from my tracking domain might work.
Any ideas?
EDIT: here's the code to add to the top of your landing page:
if (empty($_SERVER['HTTP_REFERER'])) header( 'Location: http://redirecturl.com' ); ?>
I have no idea how to do this but I'm curious why we would bother.
Is this if you're worried the network wouldn't approve of your landing page or are you worried they will steal it?
Both...
Simplest way would be a referrer check that redirects elsewhere if the user didn't come from e.g. your tracking domain or traffic source. Won't stop anyone seeing the lander if they go via your tracking link or click on your ads of course.
Check out the referrer checking part of Tijn's guide - http://stmforum.com/forum/showthread...ts-Part-2-of-3
In short, you could add the following to the top of your landing page:
<?php
$ref = $_SERVER['HTTP_REFERER'];
$ref_ok = 'baseredirect.php';
if ( preg_match("($ref_ok)i", $ref, $matches) == false ) {
//no match - redirect
header('Location: http://domain.com/fakepage.html');
die();
}
?>
Thanks zeno!
I replaced "baseredirect.php" with "click.php" since my tracking links look like "http://xxxxxx.com/click.php?c=634&key=po021mq1".
I pasted the code at the very top of my lander, but it didn't work. When I click my tracking link, my lander redirects to the fakepage. (Perhaps imobitrax automatically blanks the referrer or something?)
Load something via your iMobiTrax link and watch the http headers through the web developer console of whatever browser you are using, i.e. find out the exact redirect hops that lead to your page. You could also load your lander and go to page info > see if referrer URL is stated (in FF for example it is).
What Zeno posted above works, but not 100% of the time since some browsers pass referrers and some not.
From my experience, if you want to hide your lander, no matter what you will lose a chunk of legit traffic too.
Depends on you if making the lander hidden is worth losing some traffic.
If you redirected through an SSL page would that do the trick?
That would certainly stop the referrer being passed to the affiliate network - but I think jblint is looking for a way to stop them viewing the LP when they do have the URL.
Originally Posted by zeno
So right now, my referrer URLs in cake show up as "domain.com/landingpage.php/?subid=1223" (confirmed by my AM).
Anyone can view my landing page through that URL since it includes the subid value.
Is there a way to change the referrer URL that gets passed to cake, or make it just show "domain.com/landingpage.php"? Want to stay away from methods that use extra redirections since they increase load time.
I feel like this should be a standard feature of iMobitrax. By default, iMobitrax prevents people from seeing your lander if they have just the landing page URL, but if they have the subid (which they will, since it gets passed in the referrer), they can still see your lander. Kind of a useless feature if you ask me...
I just tested an idea but it doesn't seem to have worked as well as I'd hoped. I think there were a lot of clicks that got lost due to it.
Basically the idea is to have the user go through an intermediary link, drop a cookie, then redirect to the actual landing page (all hosted on same domain, so relatively fast redirects).
The actual page will have a short piece of php to check for the cookie at the top of the page.. if not, it redirects to another page/straight to the offer or whatever you like it to do.
I think the persistence of these cookies is something that isn't always cross-browser compatible and thus is somewhat flawed - just like the referrer method.
Figured this out!
Basically what zeno said, but here's the working code to add at the very top of the lander:
if (empty($_SERVER['HTTP_REFERER'])) header( 'Location: http://redirecturl.com' ); ?>
The only issues I can think of are 1) click loss, since a small percentage of real clicks will be reported as *missing* referrers
and 2) if the affiliate network/advertiser gets to your landing page through a clickable link (like through their dashboard), the referrer will pass and they'll see your landing page. I guess the way to overcome this is to find out these referring domains and blacklist them.
It would be great if someone can comment on whether Cake shows the referrer as a clickable link or just a text URL.
The click loss you'll get from blank referrers is simply too high to justify imho.
Maybe it depends who you're targeting. I'm only getting 1-5% click loss.
And even then, I'm redirecting them to a secondary landing page.
You can make the secondary landing page as good/shitty as you want depending whether your goal is to be compliant with advertisers guidelines or prevent affiliates from spying on you.
That is probably the best approach to use IF you redirect to a single, useful lander - i.e. you can see my campaign, but only the single, reasonably good lander that I allow you to.
Also, preventing referrer passing in the first place could help here - i.e. have your outgoing CTA link (which I assume is an iMobiTrax link?) as https. If you are worried about speed i.e. the decrease when using SSL, you could always load e.g. a 1x1 pixel gif at the end of the page (or even delay it's load using javascript), via https and with the same domain name as your tracking system to do all the SSL handshake crap that adds time, have persistent SSL connections enabled (e.g. timeout 20 s), then there should be no speed impact when people click out.
Originally Posted by zeno
I'm sending over 1 million clicks/day to my landing page. Is this still a viable solution?
Can any tech guys do a split test between using a double meta refresh and not? I'd like to see clicks/conversion difference
As long as your server can handle it, it will be fine. SSL adds time to everything due to the need for handshakes, which take something like 3-4x the end user latency to your server to occur, want one definitely close to the source of traffic. It also adds more CPU overhead server wise but it shouldn't be a problem.
If you want to cloak the referrer sent to the affiliate network then using an https link before the affiliate link is the way to go, and if doing so then establishing an SSL connection beforehand will make the redirect time faster. I just thought of that approach now but it should work provided your server is configured accordingly (i.e. to have x seconds SSL timeout, session sharing enabled, etc.)
@stackman - yep, I've got some software (which you may be aware of 
) that will make that a trivial test to do. Will get on it soon.
Could always find their IP, then route on IP.
What I've done with my LPs is not just check to see that the referrer is not empty, but 1 step further, verify that the referrer is from a some media source that I am advertising on. So wherever you advertise, figure out what the referring url looks like is (e.g would contain "main.exoclick.com" is you advertise on exoclick), then you have 2 checks:
1) referrer is not empty
2) referrer contains string matching my list of allowed referrers
for example, you could have an array in PHP with your allowed referrers.
$referrers = ["main.exoclick.com", "myOtherSource.com"];
That being said, even that isn't foolproof, a lot of people can figure out what you're doing (this is nothing new or unique, its everywhere on the web) and make a page on their own server called:
myDomain.com/fooled-you.html?haha=main.exoclick.com
with a link to your LP on that page, so when they click the link, guess what... "main.exoclick.com" is now contained in the referrer string, therefor your check fails, and they can see your LP.
You can geek out like crazy with this even further than I've described, but it's probably not worth the time and effort, if someone wants your landing page, they can get it.
But for those interested, here's way to make it more even more foolproof:
check that the referrer is the first part of the string, so that only referrers beginning with "http://main.exoclick" would pass, et cetera, et cetera until you're satisfied.
You probably want to check that the entire first part of the string is "http://main.exoclick.com/" - otherwise a subdomain can get through. For example, main.exoclick.com.mydomain.com/lols/
Good thinking! Basic checks like this can make it much harder to spy on your lander.
so dont alot of networks blank out the referrer anyway...
Off the top of my head Airpush and leadbolt when i look at the referrer all i get is "unknown"
a very good landing page that I found is budbi.com
I have no idea how they do it... but the landing page is really just budbi.com
but the page itself is changing into lots of lander...
and when you try to view source... it displays a wordpress default source of budbi.com (direct/blank referrer)...
but when you click on one of their banners.. and go through the funnel... budbi.com displays a different page
It will be PHP on the backend... which you can't see as it's processed before being sent to your browser.
It's not difficult to make a setup like this where you don't have a ginormous query string in your URL but its outside the comfortable zone for most who don't understand tracking well, let alone PHP.
Side note, that page has a tonne of retargeting pixels (good work!) and is probably run directly by Advidi.
If your domain containing landing pages was HTTPS it would not send the referrer but not sure like others have said about performance issues
When more browsers finally obey the rel="noreferrer" tag, i was testing this last week to see what worked and what did'nt
Double meta refresh
Firefox DMR = Hidden
Android Browser DMR = Hidden
Chrome DMR = Shows
Safari DMR = Shows
Opera DMR = Shows
IE DMR = Hidden
Using the rel="noreferrer" tag
Firefox rel="noreferrer" = Shows
Android rel="noreferrer" = Hidden
Chrome rel="noreferrer" = Hidden
Safari rel="noreferrer" = Hidden
Opera rel="noreferrer" = Shows
NEW Version Opera rel="noreferrer" = Hidden
IE rel="noreferrer" = Shows
So for the minute i use DMR + rel="noreferrer" tag on links and buttons
Maybe in php something where add an extra variable to your landing page url inside tracking software like &check=123
check for that strip it with a single refresh removing the &check=123 and showing them the landing page
Any clicks that did not have &check=123 will just see a message
Of course the referrer from the landing page wont contain the &check123 as we stripped it out
then if that variable is not present when someone like network visits show something else like a message
just tried it seems to work ok, something like this can change the &check=123 to what ever you like
<?php
$uri = $_SERVER['REQUEST_URI'];
if(strpos($uri, '&check=123') !== false) {
setcookie("check", "1", time()+3600, "/","", 0);
header('location: '.substr($uri, 0, strpos($uri, '&check=123')));
}
if(isset($_COOKIE["check"]))
{
//landing page code for legit users
echo "Landing Page Code";
}
else
{
//code or message for other visitors
echo "Hello you seem to be lost";
}
?>
Probably a better way, but i need a coffee
is there a way to get rid of the token, without doing a refresh?
My 2 cents:
If you're worried about your network stealing from you, you shouldn't be working with that network.
It's fine to hide your stuff if you do everything on your own and don't trust your network/advertiser. But a network should be more than a middle man to you. You should feel comfortable showing your lander to your network for suggestions on how to improve it, for tips, or for reassurance that you're doing it right.
Might be an idealist mindset though. Many affiliates do block out their referrers, and it's of course their right to do so.
Not trying to high jack the thread but can this anyway help with spy tools? Would be nice if when anyone clicks your landing page url and its not from a trusted referrer (Your tracker or traffic source)...it gets sent to a bullshit lander, blank page or direct to offer.
That's a whole other issue but is easy to do.
You just have PHP at the top of your page that checks the referrer > if OK then does nothing, if not then redirect elsewhere or include a different lander.
See here http://stmforum.com/forum/showthread...ll=1#post48866 and here http://stmforum.com/forum/showthread...highlight=dick
Originally Posted by karim0028
in mobile there is no "quick refresh".
Originally Posted by karim0028
On mobile android default browser and safari mobile browser obey the rel="noreferrer" tag so that wont send any referrer, although test it to double check
Originally Posted by karim0028
I have tested this and about 15% of phones had either no support for cookies or turned off.
Home > Technical & Creative Skills > Tracking Campaigns