How to prevent javascript linking

Question

I'm serving a javascript file from my server. How do I prevent direct linking to it so that the server doesn't get used to serve the javascript to other websites?

Why would you want to do that? – Guidhouse Mar 25 '11 at 07:27 — Guidhouse, Mar 25 '11 at 07:27

score 3 · Accepted Answer · edited May 23 '17 at 12:06

3

The usual techniques for blocking hotlinking apply.

edited May 23 '17 at 12:06

Community

1
1

answered Mar 25 '11 at 07:28

Quentin

914,110
126
1,211
1,335

Yes, but there are some Javascript techniques as well, like [Martin's answer](http://stackoverflow.com/a/5429700/247696). – Flimm Aug 27 '15 at 12:27

score 3 · Answer 2 · answered Mar 25 '11 at 07:30

3

To discourage hotlinking you could put annoying code in the script and have that execute if window.location doesn't match your own site:

while (window.location.hostname !== 'www.example.com')
  alert('Plz stop hotlinking');

answered Mar 25 '11 at 07:30

Martin

37,119
15
73
82

but that would still serve the file and consume my bandwidth. – sami Mar 25 '11 at 08:20
1

@sami yes, but you would render the script unusable to others and nobody in their right mind would link to it. – Martin Mar 25 '11 at 09:23

score 1 · Answer 3 · answered Mar 25 '11 at 07:27

There is no good way to do so. However, you could do some referer checks or check the values from the location object and make the JavaScript do bad things when embedded from a different site.

When doing referer checks don't forget to allow an empty referer as some people block referers.

How to prevent javascript linking

3 Answers3