How to Detect Discount Browser Extension Abuse in Affiliate Marketing

Discount or coupon browser extension abuse happens when coupon-finding or cashback extensions drop affiliate cookies on users visiting your site, claiming commission for sales they didn't influence. To detect it, look for high sales volume from publishers or subnetworks whose traffic sources can't be explained, typically subnetworks, cashback platforms, shopping comparison sites, or unknown affiliates generating sales with no visible promotion.

This guide covers how extension fraud works, how to detect which extensions are active on your site, and what to do about them.

How Browser Extension Affiliate Fraud Works

Browser extensions modify how people browse the web. For fraudulent extensions, here's the typical flow:

1. User installs a "coupon finder," cashback extension, or AI shopping assistant
2. When they visit your website, the extension pops up offering discounts, interrupting the user journey
3. The extension displays discount codes (these are sometimes legitimate, but often ar either leaked or completely made up)
4. When the user engages, clicking a code, clicking "apply" at checkout, or even just closing the extension in some cases it loads a new tab in the background (which is often small so the user can’t tell)
5. That tab drops an affiliate cookie on the user
6. The extension owner gets credit for the sale, even if the codes don't work

The extension adds affiliate-tracking parameters regardless of whether it provides any value. Even fake codes that don't work still trigger the cookie drop.

The extension intercepts the sale even if the customer found you through organic search, a paid ad, or another affiliate's content. Whoever would have received credit loses it to the extension.

Note, there are legitimate browser extensions in operation which have permission to do this.

Why Browser Extensions Are Growing

The scale of this problem is significant.

According to DemandSage's 2026 coupon statistics, 62% of consumers actively search for promo codes online, creating demand for coupon-finding tools. Honey alone captured 29% of the US market in 2023, while Rakuten reports over 20 million users.

DebugBear's Chrome extension statistics show that more than half of Chrome users have installed at least one extension, with 60% of mobile browser users installing third-party tools within a month of getting a new device.

The demographic most likely to use extensions? Users aged 25-34, who make up 29% of Chrome's user base—prime online shopping territory.

The Subnetwork Problem

Here's what most brands don't realise: you're probably working with browser extensions right now, even if your terms prohibit them.

Extensions don't join your affiliate programme directly. They operate through subnetworks, publishers who recruit and manage sub-publishers under their own affiliate ID.

These subnetworks typically pass themselves off as:
- Influencer networks
- Content platforms
- AI shopping search platforms
- Technology or media companies

They often have legitimate-looking websites and may even provide influencer profiles or content sites as evidence of their traffic sources. But when you look closer, the volume doesn't match all that revenue appearing at once with no proportional content or engagement.

New subnetworks are constantly popping up making it hard for affiliate teams to know who to trust.

When you see sales in your affiliate dashboard, you only see the subnetwork's name. The actual extension generating the sales is hidden.

This is why brands often say "we don't work with extensions" while extensions are actively earning commissions on their site. They genuinely don't know.

What about soft cookies and standown?

Soft cookies and stand-down are rules put in place by affiliate networks to try and stop extensions from overwriting other sources of traffic and claiming credit even if they don't provide any value to the users

Soft click is the mechanism that blocks the extensions affiliate ID from overwriting a previous referral.

Stand-down is when the extension is suppressed, so doesn’t appear if an earlier affiliate has been detected in the users journey.

The Affiliate and Partner Marketing Association audited these two technologies; you can see the guide here.

The overwhelming issue we see is that extensions don’t use their own publisher IDs, they use subnetworks, which means they aren’t subject to any of these rules. There are also instances of extensions actively avoiding standdown, such as in the Honey case that YouTuber MegaLag exposed (see here).

It’s our opinion that these rules are useful, but only if they are abided by which they are not for the most part.

How to Detect Browser Extension Abuse

1. Look for Unexplained Sales Volume

The most common red flag: a publisher or subnetwork generating significant sales that don't match their claimed traffic source.

Warning signs:
- Sudden spike in sales volume from a publisher claiming to be an influencer network or content platform
- They provide an influencer profile or content site as evidence, but the traffic/engagement doesn't support that volume
- Claim to be an "AI shopping search platform" or similar technology offering
- Sales appear across many different product categories (suggests automated cookie-dropping rather than targeted promotion)
- Volume appears all at once rather than growing gradually
- Conversion rate extremely high, and above expectations for that type of activity

2. Check for Attribution Override Patterns

Extensions typically grab last-click attribution. Watch for these patterns:

• Influencer or content affiliates complaining their conversions have dropped
• Your own paid search or organic traffic generating lower-than-expected affiliate sales
• Cashback platforms showing sales from customers who came through other channels

If customers are reaching you via legitimate channels but a different affiliate gets credit, an extension likely intercepted them.

3. Test Your Own Site

Install common coupon extensions and visit your site:

Visit your site and see what happens. Does the extension activate? Does it inject codes or drop cookies? If so, that extension is active in your programme.

Note, be very careful not to use discount codes when extensions are installed as they will add them to their database. This is a common cause of leakage.

4. Use Extension Monitoring Tools

Dedicated monitoring platforms can automatically detect which extensions are firing on your site, tracking:
- Which extensions are active
- How frequently they trigger
- Which affiliate IDs they're using
- What codes or tracking parameters they inject

For automated detection, see Marcode's browser extension monitoring.

We have built an entire system dedicated to tracking these.

5. Request Traffic Source Documentation

When you spot suspicious volume, ask the publisher to document their traffic sources:

• Website traffic analytics (verify with SimilarWeb)
• Social media posts and engagement
• Email campaign data
• Paid advertising spend and performance
• Influencer profiles with verifiable reach

They may provide evidence a content site, influencer profile, or platform description—but check if it matches the volume. If they're claiming 10,000 sales from an influencer with 5,000 followers and minimal engagement, or a blog with negligible traffic, it doesn't add up.

If the volume far exceeds what their claimed traffic source could generate, the sales are likely from an extension operating through their account.

What We See at Marcode

Based on monitoring hundreds of affiliate programmes, here's what we've learned about browser extension fraud:

It varies by vertical

Extension abuse depends heavily on customer demographics. Verticals where customers are more likely to have coupon extensions installed, particularly retail, e-commerce, travel, and subscription services see higher rates of extension fraud.

Brands don't know extensions are live

The most consistent pattern: brands discover the extent of extension activity only when they see monitoring data. They'll claim they don't work with extensions, then see 5-10 different extensions active on their site all operating via subnetworks they approved.

Extensions override valuable partners

The real damage isn't just paying commission for sales you'd get anyway. Extensions override attribution from affiliates providing genuine value—content creators, influencers, reviewers—killing the economics of partnerships that actually drive new customers.

Legitimate vs Fraudulent Extensions

Not all extension activity is fraud. There's a spectrum:

The question to ask: Did the extension provide value that influenced the purchase, or did it simply intercept attribution at the last second?

For most brands, the line comes down to transparency and user intent. If users knowingly chose a cashback programme, that's different from an extension silently dropping cookies.

How to Respond to Extension Abuse

Once you detect an extension operating through your programme:

Step 1: Identify the affiliate

• Check which publisher/subnetwork is earning the commissions
• Request affiliate ID data from your network if needed
• Document the evidence

Step 2: Contact the subnetwork

• Provide evidence of the extension activity
• Ask them to identify which sub-publisher is responsible
• Request immediate removal if it violates your terms

Step 3: Decide on action

• First offence + cooperative response: Warning and removal of the extension
• Unresponsive or repeat offender: Commission suspension and programme removal
• Can't identify the extension: Consider whether to continue working with that subnetwork

For detailed enforcement guidance, see how to deal with affiliate hijacking.

How to Prevent Extension Abuse

Update your terms and conditions

Explicitly prohibit browser extensions if that's your policy:
- Define what constitutes extension abuse
- State that operating through subnetworks doesn't exempt extensions
- Specify consequences for violations

Vet subnetworks carefully

Before approving subnetwork partners:
- Ask what vetting process they use for sub-publishers
- Request they exclude extensions from using their affiliate ID
- Include extension monitoring in your approval criteria

Monitor continuously

Periodic spot-checks won't catch extension activity. Extensions don't show up in search results or content as they're invisible until you actively monitor for them. Use Marcode if you are serious about this.

Consider allow-lists

Some brands take a pragmatic approach: prohibit most extensions but allow specific cashback platforms where users knowingly opted in. This requires clear criteria and regular review.

Key Takeaways

• 62% of consumers search for promo codes, driving demand for extensions like Honey (29% US market share) and Rakuten (20M+ users)
• Extensions operate through subnetworks, so brands often don't know they're active—even when 5-10 extensions are live on their site
• Common offenders include Coupert, LoveDeals, and AVG/Avast/Norton (Next Gen Technology), not just big-name extensions
• Detection relies on spotting high sales volume with no visible traffic source, or attribution override patterns
• The real damage is overriding valuable partners (influencers, content creators) who drive new customers
• Legitimate cashback programmes differ from silent cookie-droppers—enforcement depends on your policy

If browser extensions are affecting your programme, Marcode can detect which extensions are active and help you enforce your policy.