How does image hotlink protection work?

3

Some images on the Internet have what is called "hotlink protection" (for example, when image searching on Google).

I understand the reasoning for this and that it saves bandwidth.

However, how does the webserver know that the browser is loading the page from another page that is not the original? E.g., how does it know it's a Google search?

Joseph A.

Posted 2016-04-06T22:06:00.380

Reputation: 1 844

Answers

5

When your browser requests an image for a web page, it sends with the request a header called Referer. The browser populates that header with the URL of the original page that the image is embedded on. Servers can inspect this header, and if the referer is not their own website, refuse to serve the file.

heavyd

Posted 2016-04-06T22:06:00.380

Reputation: 54 755

Notably, this means that this "protection" is actually an honor system which works because most users use normal standard browsers that don't lie to you. It's not protecting against individual savvy users who still want your embedded images to load for them - it's protecting against other websites pointing normal users to your stuff from their pages. A browser which simply faked the Referer header would circumvent this "protection". – mtraceur – 2017-02-25T23:55:23.073
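The Referer check described in the answer, and the limit noted in the comment, as an added example that is not part of the original posts. The host names, the `ALLOWED_HOSTS` set and the empty-Referer policy are assumptions, and the sample requests are constructed.

```python
from urllib.parse import urlsplit

# Assumed site configuration (hypothetical hosts, not from the original posts).
ALLOWED_HOSTS = {"example.com", "www.example.com"}
ALLOW_EMPTY_REFERER = True  # direct visits and privacy tools send no Referer


def referer_host(referer):
    """Return the lowercase hostname from a Referer value, or None if unusable."""
    if not referer:
        return None
    try:
        parts = urlsplit(referer.strip())
    except ValueError:
        return None
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None
    return parts.hostname.lower().rstrip(".")


def hotlink_decision(headers):
    """Return the HTTP status a server would send for an image request."""
    referer = headers.get("Referer", "")
    if not referer:
        return 200 if ALLOW_EMPTY_REFERER else 403
    host = referer_host(referer)
    # Compare the parsed host exactly; a substring check would accept
    # lookalikes such as example.com.other.test.
    return 200 if host in ALLOWED_HOSTS else 403


# Constructed sample requests: (description, request headers).
SAMPLES = [
    ("image embedded on own page", {"Referer": "https://www.example.com/gallery"}),
    ("image embedded on another site", {"Referer": "https://other.test/post/1"}),
    ("lookalike host name", {"Referer": "https://example.com.other.test/"}),
    ("own domain only in the query", {"Referer": "https://other.test/?u=example.com"}),
    ("no Referer sent", {}),
    # The server sees only the header value, so it cannot tell this one
    # from a genuine embed: the check is a filter, not authentication.
    ("client-supplied value matching the site", {"Referer": "https://example.com/"}),
]

if __name__ == "__main__":
    for label, headers in SAMPLES:
        print(f"{hotlink_decision(headers)}  {label}")
```

Anything that must stay private needs real access control (a session or a signed, expiring URL) in front of the file; the Referer check only discourages embedding by other sites.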