URL poisoning, also known as location poisoning, is a method of tracking Web user behavior by adding an identification (ID) number to the page address (Uniform Resource Locator) line of the Web browser when a user visits a particular site.
This ID number can then be used to determine which pages on the site the user visits thereafter. Aggregating this kind of information can be useful for understanding how a user gets to a page, what products or services they may be interested in, and corelating user behavior to demographics.
URL poisoning resembles the use of cookie s. However, with URL poisoning, a user has no easy way to opt out. A server that employs URL poisoning assigns the ID as soon as the first page of the site is visited. The Web browser then considers this ID to be part of the URL. The ID remains and is recorded as long as the user visits other pages on the same site. It can also stay with the browser when the user visits Web sites that cooperate with the original site in tracking a user’s page sequence. Because a user may not want anyone to track pages that are visited, the use of URL poisoning is somewhat controversial.