Breadcrumbs

How to handle Go URLs?

A Go URL is a redirect URL provided by Kelkoo Group which allows your end-user to go to a merchant webpage while registering your traffic activity on our network. All traffic you send through Kelkoo will route through this redirect URL.

There are several things to consider when using a working with the Kelkoo Go URL:

  • it has a limited lifespan

  • it is immutable

  • it can't be used inside an iframe

  • the browser frame must be visible, asynchronous background calls are not allowed (in particular from a browser extension or a mobile SDK)

  • the browser must have Javascript enabled

  • the browser must be allowed to store first party cookies

  • the browser user agent must not be modified

  • it is forbidden to crawl with a robot the go urls to check their validity

  • if the click is detected as robotic by DataDome, the DataDome Captcha must be passed

If one or more of the above conditions are not respected the user won't be redirected to the merchant destination page, and the click will not be counted.

Limited lifespan

A Go URL points to an offer that has a limited lifespan. In order to reduce the frequency of 404 errors due to expired offers, we advise the following:

  • if possible, avoid any caching of Go URLs obtained by querying Kelkoo's live services (Shopping API Search).

  • for Go URLs obtained through Shopping Feeds, or if caching is a necessity, keep Go URLs stored for the shortest duration possible.

Immutable

A Go URL is immutable: you shall not modify it in any way except by adding publisher parameters.

If you modify it, the GO URL will be invalid. Your end-user will have an error and the click won't be counted into your leads.

In particular, you must not:

  • modify the value of the trackingId parameter, prefer using custom parameters for your reporting needs

  • modify the value of the .ts parameter

  • modify the value of the url parameter

  • decode the url, some parameters are urlencoded on purpose

Restricted context

For security reasons, and to protect us from clickjacking attacks, you are not allowed to use our GO URL inside an iframe. If for technical reasons you can't remove your iframe, we suggest instead you open our links in a new tab that will get the focus, with the HTML attribute target="_blank"

Security Reponse headers

To protect us from various malicious attacks, the following security headers are added to every response:

  • Referrer-Policy: origin-when-cross-origin, strict-origin-when-cross-origin

  • X-Frame-Options: DENY

  • X-XSS-Protection: 1; mode=block

  • X-Content-Type-Options: nosniff

  • X-Permitted-Cross-Domain-Policies: master-only