Code of Conduct for Affiliates Using Browser Extensions and Other Client Software

• "Affiliate Link": Any link, redirect, or URL that contains affiliate tracking parameters, identifiers, or mechanisms that enable attribution of a transaction to a publisher, including links that redirect to or through such tracking mechanisms.
• "Direct Benefit": A direct monetary or points-based benefit (cashback, loyalty points, rewards currency, or similar)
• “Direct Benefit Software”: Software that provides a Direct Benefit to users, excluding software that offers only deals, coupons, price comparisons, or access to features.
• "First-touch": The first affiliate referral in a user's session with a given merchant, occurring before any other affiliate's referral to that merchant in that session.
• "Merchant Session": All user interactions with a specific merchant's website(s) and related checkout processes during a single Session, regardless of how many tabs, windows, or page navigations occur.
• "Overwrite": The act of replacing, refreshing, or superseding an existing affiliate cookie or tracking attribution with a different affiliate's tracking, whether through a new click, redirect, or other mechanism.
• "Participating Software": Browser extensions and other client-side software that participate in affiliate programs and agree to comply with this Code of Conduct.
• "Stand-down": The mandatory cessation of all affiliate-related activity for a merchant when another affiliate previously referred the user in the same Session.
• "Session": A period of continuous browser activity within a browser profile, beginning when the browser is launched or when the user resumes activity after a period of inactivity, and ending according to the criteria defined in Section 4.2.
• “Sub-affiliate”: A publisher operating under another publisher's affiliate account rather than its own account directly with a network.
• "Super-affiliate": A publisher that manages or combines other publishers, rather than each publisher having a relationship directly with a network.
• "First Affiliate Referral": The initial Affiliate Link click or tracking activation for a specific merchant within a Session, establishing which publisher first referred the user to that merchant.

This COC defines minimum, mandatory standards for the operation of browser extensions and other client-side software (henceforth, “participating software” or “software”) participating in affiliate programmes across all networks.

Key objectives:

• Protect genuine user intent
• Prevent unfair interference with tracking and payment
• Standardize rules across networks
• Improve transparency, auditability, and trust
• Ensure that attribution is consistent, correct, and fair

These standards apply to all publishers using client-side software, including cashback, coupon, reward, deal-discovery, any combination of those, and any other publisher using software. Participating networks require compliance with these rules by all such publishers. Publishers that agree to these rules agree to comply with them as to all networks.

Networks and merchants may set their own rules that are stricter than this COC. Nothing in this COC requires networks or merchants to allow a specific affiliate or specific practice. Nothing in this COC prevents a network or merchant from banning some or all client-side software.

Participating software may only operate if it has been knowingly and intentionally installed. No software may be provided in a bundle with software from any third party.

If a single company provides broader functionality (such as an operating system, device, browser, or VPN) that includes participating software, the participating software must obtain a separate user consent to show affiliate links. It must be possible for a user to decline that request while receiving unrelated functionality.

Participating software must have a distinctive, clear name. Do not use a name that can easily be confused with other software (“Chrome”). Do not use a name designed to mislead (“Click to Activate”).

In any installation framework that discloses or declares the permissions required for installation, participating software should request the minimum permissions consistent with its purpose. If the installation framework allows a description of the reason for each required permission, participating software must do so.

Every invocation of an affiliate link must entail an actual user click on a user interface element that reasonably relates to the user receiving an immediate, tangible, contemporaneous benefit from the software. The user’s action must be clear, deliberate, visible, explicit, and contemporaneous. The action must relate to the merchant journey and shopping intent. Model language: “Activate cashback”, “Claim points”.

The following actions specifically are not grounds to invoke an affiliate link:

• A button or link labeled “OK”, “Yes”, “Agree”, or similar
• Closing or dismissing a window, “Cancel”, “X”, “Dismiss”, or similar.
• An error message or status message.
• A report that no coupons or discounts are available, or that a user already has the best price
• A hover or scroll
• Page-load, rearranging or resizing windows, inspecting DOM, printing, saving, viewing source, adding or managing bookmarks
• [not sure about these] any background check, any popup, or any pre-load or pre-site activation.

There must be no “automatic click” function.

If participating software searches for coupons but finds none that apply, or attempts to apply discount codes that do not result in any price reduction, that alone is not a permitted circumstance to invoke an affiliate link. However, this restriction does not apply when:

• The affiliate link invocation is tied to a Direct Benefit
• The user's click action clearly relates to activating that Direct Benefit
• Coupon codes are offered as an additional, supplementary feature.

In such cases, the affiliate link may be invoked based on the primary benefit, regardless of whether supplementary code testing is successful.

If another affiliate referred a user to a given merchant within the same session, participating software must stand down for that merchant.

For purposes of determining stand-down, participating software must track which affiliate made the first referral to a given merchant within the current Session. This tracking must persist throughout the Session, regardless of when the participating software itself was activated.

While in stand-down, participating software must cease all affiliate-related activity for the merchant. In particular, the software must not:

• Present, invoke, redirect to, or otherwise enable affiliate links for that merchant
• Refresh, extend, or overwrite any affiliate cookies
• Perform background checks, background tracking, or deferred affiliate actions
• Display any marketing prompts, including fly-outs, notifications, bubbles, or alerts, whether promoting that merchant or any other
• Alter its user interface to draw attention to the merchant or to the availability of benefits

During stand-down, the software must appear and behave identically to its behavior on sites where no affiliate benefits are available.

Participating software must implement reliable mechanisms to detect prior affiliate referrals.

Each affiliate network or merchant signing this COC may provide one or more patterns by which a browser extension can identify links for that network or merchant. All such patterns will be published at [place]. Participating software must recognize every such pattern, whether it appears in an original link (e.g. on a web publisher’s site), in an intermediate redirect, or at a final landing page.

If participating software proposes to detect prior affiliate referrals via a method other than reviewing links, redirects, and landing page URLs, the software provider must explain its method and demonstrate the effectiveness of that method.

Stand-down must continue for the duration of the user's Session. For purposes of stand-down, the relevant period begins when any affiliate makes a referral (whether or not the user clicked that affiliate's link first in their Session), and ends upon the earliest of:

1. Browser-level inactivity (preferred method)

Sixty (60) consecutive minutes with no foreground user interaction within the browser profile where the extension operates. Foreground user interaction includes deliberate mouse, keyboard, or touch input within any page in any tab in any window in that browser profile. Background activity, scripted actions, timers, page visibility changes, and network requests do not constitute user interaction.

Activity in other applications, other browser profiles, or at the operating system level is not relevant and need not be detected.

2. Fallback duration (if inactivity detection not implemented)

If participating software does not implement browser-level inactivity detection as described in (1), it must apply a conservative minimum stand-down period of ninety (90) minutes from the most recent affiliate referral.

3. Browser and device termination

The browser is fully closed and the device is powered off for at least sixty (60) minutes. Sleep, standby, hibernation, tab discard, or browser restart do not end a session.

This duration must not be shortened for any reason, including tab changes, page refreshes, browser restarts, or background processes.

Stand-down obligations apply at the merchant level, not the network level. Software complying with this COC must recognize all affiliate links, from all networks, present in the “triggers and detection” list. This obligation applies even if the software only participates in a subset of those affiliate networks.

If participating software has a relationship with a given merchant through multiple affiliate networks, it may not change from one network to another in an attempt to avoid stand-down obligations.

When a browser extension detects a prior affiliate referral for the same merchant, it must stand down regardless of which affiliate network facilitated the initial referral.

Participating software must not treat a change in affiliate network, tracking domain, or program identifier as grounds to reset stand-down behaviour where the user continues browsing the same merchant site.

For purposes of merchant-level stand-down, different domains for the same merchant (e.g., merchant.com, merchant.co.uk, merchant.de, merchant.com/small-business) are considered the same merchant. Participating software must not invoke affiliate links on alternative domains of the same merchant.

4.4.1 Tracking loss notification for First Affiliate Referral

If Direct Benefit Software was the First Affiliate Referral in a user's Merchant Session, and another affiliate subsequently overwrites the Direct Benefit Software’s tracking, the Direct Benefit Software MAY display a single message to inform the user that the benefit is no longer on track and to offer an opportunity to reactivate the benefit, provided that all of the following requirements are satisfied:

• The software can demonstrate it was the First Affiliate Referral in that Merchant Session (e.g., user activated the software's cashback function or arrived at the merchant via the software's referral link before any other affiliate referral occurred).
• The notification appears only in the specific browser tab or window where the user originally activated the benefit or first arrived at the merchant.
• The notification is displayed no more than once per Merchant Session, even if other affiliates overwrite the tracking more than once.
• The notification is factual and explains that tracking was lost due to visiting another site. Model language: "Your {cashback/points} is no longer active because you visited another site. Click here if you want to reactivate your {cashback/points} with {software name}."
• The notification does not automatically reactivate any affiliate link or refresh any cookie.
• Reactivation requires an explicit additional user action (such as clicking a clearly labeled button within the notification).

This exception does NOT permit software to display notifications when it was not the First Affiliate Referral. If another affiliate referred the user first, section 4.4.2 applies instead.

4.4.2 User-initiated reactivation

If Direct Benefit Software was not the First Affiliate Referral (i.e., another affiliate referred the user before the Direct Benefit Software made a referral), the software must remain in complete stand-down and may not show the notification authorized by section 4.4.1. If a user affirmatively activates the Direct Benefit Software during stand down without any prompting by the software (e.g., by clicking the software's icon), the software must truthfully state that it is disabled because the user recently clicked another marketing offer, and may offer the user the opportunity to reactivate that benefit.

Any such message may only be shown if the user affirmatively requests it by interacting with the software's interface. Such a message specifically must not appear in a popup, slider, toast, or other automatic notification. The software's on-screen icon must not flash, animate, highlight, change color, display a badge, show an exclamation mark or, show an X, or otherwise attract the user's attention through visual changes.

Model language: "{software name} is currently disabled because you recently clicked another marketing offer. If you want to claim {cashback} at this site, click {button/link} to reactivate {software name}."

No affiliate link may be invoked, nor any affiliate cookie refreshed, extended, or overwritten, unless the user affirmatively chooses to do so.

A network may disallow Direct Benefit Software from claiming the benefit of this subsection by so instructing in a written policy to that effect.

A “publisher brand” may use software built by a separate technology provider (“white-label”) if all of the following conditions are met:

• The existence and role of the technology provider is disclosed to the network and advertisers, including in the publisher’s description within the affiliate network. The technology provider must be listed with its legal name.
• The publisher brand is the legal entity named on the affiliate account.
• The publisher brand controls branding, messaging, and consumer positioning.
• The technology provider has signed this Code of Conduct and is independently auditable.
• The publisher brand notifies each affiliate network it promotes, submits to any required testing, and receives approval.

Where a publisher brand uses software built by a separate technology provider, the publisher brand and technology provider are jointly accountable for compliance. Breaches in one deployment may trigger review of other deployments using the same technology. Networks may impose sanctions, or require changes, to all plugins from the technology provider.

All participating software presenting affiliate links must use direct links that are associated with an affiliate account operated by the same legal entity marketing the software.

Participating software must not track via sub-affiliates or super-affiliates. Every relationship between participating software and an affiliate network must use the software’s own legal name and legal entity. Networks may waive this requirement for good cause, with notice to all merchants who use any super-affiliate or aggregator that includes participating software.

Participating software must not resell tracking access, buy tracking access from any other source, obscure the identity of the tracking entity, or insert intermediary tracking layers between the extension, the network, and the advertiser.

If a single company provides both web placements (e.g. from its web site) and placements in participating software, the company must tag or label the traffic in a way that distinguishes between software and non-software traffic, or place the software and non-software traffic into two separate publisher accounts.

If a single company provides both web placements and placements in participating software, any merchant may require that the software promote that merchant in the web placements only. In that case, the software must operate in “perpetual stand-down” mode for that merchant, and must not use the software to invoke an affiliate link even if the user affirmatively requests.

Some affiliate networks employ attribution mitigation mechanisms, including but not limited to “soft click” cookies or similar models, to reduce the risk of misattribution between publisher types.

Such mechanisms may reduce financial or attributional harm resulting from non-compliant behavior. However:

• The existence or application of soft click or similar mechanisms does not render non-compliant behavior acceptable
• Soft click status does not permit conduct that would otherwise violate this Code, including stand-down, overwrite, user intent, or transparency requirements
• Participating software must not rely on attribution mitigation mechanisms as a justification for initiating, refreshing, or attempting to preserve affiliate attribution

Attribution mitigation mechanisms are not substitutes for compliant behavior. This COC regulates conduct, regardless of how a network ultimately determines attribution or commission.

If a network employs an attribution mitigation mechanism, it may grant exceptions to that mechanism at its discretion, based on any factor or factors known to it, such as history of compliance or noncompliance, code review (per Section 8.1), market position and ability to satisfy a judgment, and other factors at the network’s discretion.

Participating software must take reasonable steps to exclude discount codes and coupon codes known to be expired, invalid, or disabled. If a merchant provides a list of such codes, participating software must promptly honor that list and no longer present such codes in software, on the web, or anywhere else.

A publisher must exercise reasonable diligence to assure that the codes it presents are valid and working. It is not reasonable diligence to continue to present a code that has not worked for any user for 7 days.

If a publisher uses participating software, its affiliate account, in each affiliate network, must use any metadata provided by the affiliate network to receive a declaration about use of a browser extension (“special promotional methods”). If no such mechanism is available, that affiliate account must use a free-text description to accurately describe its promotional methods. If no such free-text description is available, the affiliate must send a written declaration to the network, and must maintain a copy of the dated transmission.

All publishers using participating software must provide a signed electronic declaration confirming:

• Compliance with this Code of Conduct
• Full disclosure of:
  • Extension functionality
  • Trigger logic and stand-down logic
  • Affiliate cookie behavior, including creation, refresh, extension, suppression, and overwrite conditions
  • Attribution timing and conditions, including when attribution may occur, when it must not occur (including stand-down), and any time-based or session-based rules applied
• Agreement to audits and testing
• Agreement to alert network to material changes in code, configuration, or behavior

A participating network may require a software publisher to provide the code that embodies its stand-down logic. A network may require such disclosure for all software publishers, as part of an investigation of suspected violations, as a condition for expedited review, and/or as part of a review for potential benefits.

Networks receiving code from a software publisher should treat the code appropriately:

• Disclosed code is confidential, proprietary information
• Disclosed code must be used solely for proper purposes and must not be shared with other publishers, advertisers, or third parties

Networks should exercise reasonable diligence in testing appropriate scenarios including:

• Competing affiliate journeys
• Multi-tab and multi-window scenarios
• Cashback and coupon journeys
• Cross-network merchant journeys
• Consent-rejected journeys (where applicable)

Networks should set the frequency and depth of testing based on network size, resources, violations previously found, and the amount of traffic attributed to participating software.

Test outcomes should be:

• Shared with other networks that follow this COC
• Timely communicated to affected advertisers
• Actioned consistently, bearing in mind all relevant factors including publisher size, sophistication, any prior violations, and any insights from testing and/or code review

Any network or other person conducting tests should take reasonable steps to preserve evidence demonstrating a violation or alleged violation of this COC.

Participating software must not take any action designed to conceal its behavior from testers. It is a violation to behave differently in ways that are intended to impede testing. It is a violation to implement operational logic or stand-down other than what is described in a publisher’s disclosures required under this COC.

It is a violation for a client to obtain a stand-down decision by checking with a server. The entirety of stand-down logic must be implemented within the browser extension, client-side. Server-side calls for the purpose of determining stand-down behavior are strictly prohibited. All stand-down decisions must be deterministic based on client-side logic.

Any telemetry must be transmitted in a way that can be examined by testers. It is permissible to transmit telemetry in plaintext secured by HTTPS. Do not add additional encoding (such as a second level of encryption) that would prevent testers from reading telemetry transmissions.

Minified JavaScript is acceptable. It is a violation to download or execute scripts dynamically.. Do not use JavaScript’s eval() method or similar mechanisms to execute a string fetched from a remote source. Do not build an interpreter to run commands fetched from a remote source.

Networks agreeing to this COC commit to:

• Exercise reasonable diligence in reviewing participating software before approval and upon notification of material changes
• Interpret this COC consistently, and enforce violations in good faith
• Collaborate with other network signatories to this COC
• Treat similar practices similarly, without preferential treatment based on affiliation, a software program’s size or revenue, or ownership relationships.

Networks should not compete on interpretation or enforcement of this COC**.**

Networks must enforce this Code of Conduct in good faith and with reasonable consistency. Enforcement actions should take into account the nature, severity, duration, scope, and intent of a violation.

Certain violations may warrant immediate and severe sanctions, including suspension or removal, even if identified for the first time. Such violations include, but are not limited to:

• Intentional interference with attribution or stand-down logic
• Deliberate circumvention of detection mechanisms
• Behavior designed to mislead advertisers, networks, or users
• Concealment of functionality or differential behavior intended to evade auditing or testing
• Any action intended to detect, block, mislead, or manipulate testing or testers

In assessing sanctions, networks may consider whether a violation is:

• Isolated or systemic
• Inadvertent or intentional
• Brief or longstanding
• Corrected promptly or allowed to persist

To the extent reasonably possible, networks should share testing results and violation evidence with other networks that adhere to this Code. Information sharing should be focused on compliance with this Code of Conduct and should not extend to commercial terms, pricing, commission structures, or other sensitive information.

• This Code should be:
  • Versioned
  • Reviewed annually
  • Updated collaboratively
• Changes require rough consensus among :
  • Participating networks
  • Advertiser representatives
  • Publisher representatives

Alternative attribution models (e.g. first-click or multi-touch) may reduce reliance on stand-down rules in the future but are outside the scope of this COC.