Unknown beacon calls to ad servers

Question

On my site I found that there are lots of beacon calls happening like this

 <img src="http://ib.adnxs.com/getuid?http://cmap.an.ace.advertising.com/cfcm.ashx?providerId=1006&amp;appnexus_uid=$UID" width="1" height="1" class=""> <img src="http://tags.bluekai.com/site/4470?id=TA3672b770-d9d0-11e4-b9de-00163e82216c" width="1" height="1" class=""> <img src="http://dpm.demdex.net/ibs:dpid=416&amp;dpuuid=TA3672b770-d9d0-11e4-b9de-00163e82216c" width="1" height="1" class=""> <img src="http://s.thebrighttag.com/cs?tp=ao&amp;aolid=TA3672b770-d9d0-11e4-b9de-00163e82216c" width="1" height="1" class=""> <img src="http://d.turn.com/r/du/id/L2NzaWQvMS9tcGlkLzMwNTU3ODEz/mpuid/TA3672b770-d9d0-11e4-b9de-00163e82216c" width="1" height="1" class=""> <img src="http://dp-td.com/r/dt/id/L21rdC80L21waWQvMzMxNTMzNg/mpuid/TA3672b770-d9d0-11e4-b9de-00163e82216c" width="1" height="1" class=""> <img src="http://e.nexac.com/e/aol_sync.xgi?na_exid=TA3672b770-d9d0-11e4-b9de-00163e82216c" width="1" height="1" class=""> <img src="http://idsync.rlcdn.com/362408.gif?partner_uid=TA3672b770-d9d0-11e4-b9de-00163e82216c" width="1" height="1" class=""> <img src="http://adadvisor.net/adscores/g.pixel?sid=9201883608&amp;aid=TA3672b770-d9d0-11e4-b9de-00163e82216c" width="1" height="1" class=""> <img src="http://p.acxiom-online.com/pixel/smt?pid=3034&amp;t=3034&amp;ot=pixel&amp;uid=TA3672b770-d9d0-11e4-b9de-00163e82216c" width="1" height="1" class=""> <img src="http://ckm-m.xp1.ru4.com/cx?_i=42102464&amp;_u=TA3672b770-d9d0-11e4-b9de-00163e82216c" width="1" height="1" class=""> <img src="http://d.agkn.com/pixel/2134/?dpids=131902&amp;plaid=1&amp;camid=03222013&amp;partner_id=TA3672b770-d9d0-11e4-b9de-00163e82216c" width="1" height="1" class=""> 

After digging it further I found this call an 1x1 pixel iframe with src http://cmap.uac.ace.advertising.com/um.ashx?site=852146&rCode=1&cb=4893281 on the page. This iframe is adding all these beacon calls to different ad servers. My question is -

1. What purpose do these beacons serve ?
2. Can they cause harm to users of my site ?

Answer 1

Mostly these are used for tracking purposes, Javascript alone can't do cross site requests without CORS being enabled on external sites.

When the iframe requests the images from the external site, a cookie is generated and stored on your computer. So when you go to another site with the same tracking provider enabled, based on REQUEST URI they can tell that you visited both these sites.

This tracking is not always done for marketing purposes, it can also be used to create a form of sticky session for a load balanced 3rd party authentication server. Based on your cookie data the load balancer will always point you to the server you first authenticated with.

Answer 2

Can they cause harm to users of my site ?

They can cause significant slowdowns for people on mobile browsers. Also some might argue the privacy of your visitors is being violated.

Answer 3

As pointed above, they serve tracking purpose. As it is your website and you're not aware on how it landed on your site, I believe its probably because of any advertising programs you run.

So many requests like that will definitely impact the performance of your website. Below are the steps you can take to debug the same.

1. Select one specific page on your website that produces this outcome and confirm whether its consistent or just for few browsers, fresh visits etc.
2. Install and enable AdBlock plus Firefox addon and try replicating the scenario, if these do not show up, its definitely advertisements.
3. Use Firebug to identify where exactly on your page it appears. You can disable adblock for this and keep hovering on all the ads to point the exact spot.
4. If that is an advertiser, you can talk to them regarding this, or just try a different one if they do not generate good revenue.
5. If it is not an advertiser, it can be a web stat tracking snippet you might have added to track users, again you can use firebug to identify the same. Can even try adding a local host entry on your machine to block requests to that tracker and see if these snippets appear.