Support

Find answers, guides, and tutorials to supercharge your content delivery.

Create a Zone Referrer (Hotlink Protection)

Updated on October 4, 2018
Create a Zone Referrer (Hotlink Protection)

Zone Referrers allow you to restrict HTTP referrers in order to prevent others from embedding your assets on other websites. This feature is also known as hotlink protection. Hotlink protection will save you bandwidth by prohibiting other sites from displaying your images.

  1. Sign in to the KeyCDN dashboard
  2. Click on Zone Referrer from the left navigation bar. Click on New Zone Referrer (blue button)
  3. Define a Referrer of your choice (e.g www.yourwebsite.com)
  4. Choose a Zone you want to map the Zone Referrer to
  5. Save the Zone Referrer

You can also define wildcard Zone Referrers such as *.example.com to allow all subdomains of a particular root domain to access your Zone’s content.

When using Zone Referrers, ensure that you have set all the domains for which you want to allow access to your assets. For a standard setup, you would add the following domains to your list of Zone Referrers:

  • Your Zone URL kxcdn.com (required for loading web fonts e.g. Font Awesome)
  • Your Origin URL (e.g. yourwebsite.com)
  • Your Zone Alias if you have one (e.g. cdn.yourwebsite.com).

You can also specify if you want to allow empty referrers or not from your Zone’s advanced features section.

This is set to enabled by default (which will allow empty referrers). However if you want additional protection you may set this to disabled therefore returning a 403 error to all requests without a HTTP referrer field.

The following cURL examples can be used to test if your Zone Refferers are properly set up. You can also use our HTTP Check tool to check this.

curl -I -H 'Referer: http://www.yourwebsite.com' http://<zonename>-<hexID>.kxcdn.com/path/to/your/asset.jpg
HTTP/1.1 200 OK
Server: keycdn-engine
Date: Fri, 15 Aug 2014 19:14:07 GMT
Content-Type: text/html
Content-Length: 1467
Last-Modified: Wed, 2 Jul 2014 12:57:48 GMT
Connection: keep-alive
ETag: "53c676cc-5bb"
X-Edge-Location: defr
Accept-Ranges: bytes

curl -I -H 'Referer: http://www.notyourwebsite.com' http://<zonename>-<hexID>.kxcdn.com/path/to/your/asset.jpg
HTTP/1.1 403 Forbidden
Server: keycdn-engine
Date: Fri, 15 Aug 2014 19:14:16 GMT
Content-Type: text/html
Content-Length: 1596
Connection: keep-alive
ETag: "53f77ee7-63c"