Create a Zone Referrer (Hotlink Protection)
Zone Referrers allow you to restrict HTTP referrers in order to prevent others from embedding your assets on other websites. This feature is also known as hotlink protection. Hotlink protection will save you bandwidth by prohibiting other sites from displaying your images.
- Sign in to the KeyCDN dashboard
- Click on Zone Referrer from the left navigation bar. Click on New Zone Referrer (blue button)
- Define a Referrer of your choice (e.g www.yourwebsite.com)
- Choose a Zone you want to map the Zone Referrer to
- Save the Zone Referrer
You can also define wildcard Zone Referrers such as
*.example.com to allow all subdomains of a particular root domain to access your Zone’s content.
When using Zone Referrers, ensure that you have set all the domains for which you want to allow access to your assets. For a standard setup, you would add the following domains to your list of Zone Referrers:
- Your Zone URL
kxcdn.com(required for loading web fonts e.g. Font Awesome)
- Your Origin URL (e.g. yourwebsite.com)
- Your Zone Alias if you have one (e.g. cdn.yourwebsite.com).
You can also specify if you want to allow empty referrers or not from your Zone’s advanced features section.
This is set to enabled by default (which will allow empty referrers). However if you want additional protection you may set this to disabled therefore returning a
403 error to all requests without a HTTP referrer field.
Hotlink Protection Verification Example
The following cURL examples can be used to test if your Zonerefferers are properly set up. You can also use our HTTP Check tool to check this.
$ curl -I -H 'Referer: http://www.yourwebsite.com' http://<zonename>-<hexID>.kxcdn.com/path/to/your/asset.jpg HTTP/1.1 200 OK Server: keycdn-engine Date: Fri, 15 Aug 2014 19:14:07 GMT Content-Type: text/html Content-Length: 1467 Last-Modified: Wed, 2 Jul 2014 12:57:48 GMT Connection: keep-alive ETag: "53c676cc-5bb" X-Edge-Location: defr Accept-Ranges: bytes $ curl -I -H 'Referer: http://www.notyourwebsite.com' http://<zonename>-<hexID>.kxcdn.com/path/to/your/asset.jpg HTTP/1.1 403 Forbidden Server: keycdn-engine Date: Fri, 15 Aug 2014 19:14:16 GMT Content-Type: text/html Content-Length: 1596 Connection: keep-alive ETag: "53f77ee7-63c"