Zonereferrers allow you to restrict HTTP referrers in order to prevent others from embedding your assets on other websites. This feature is also known as hotlink protection. Hotlink protection will save you bandwidth by prohibiting other sites from displaying your images.
- Sign in to the KeyCDN dashboard
- Click on Zonereferrer from the left navigation bar. Click on New Zonereferrer (blue button)
- Define a Referrer of your choice (e.g www.yourwebsite.com)
- Choose a zone you want to map the zonereferrer to
- Save the Zonereferrer
When using Zonereferrers, ensure that you have set all the domains for which you want to allow access to your assets. For a standard setup, you would add the following domains to your list of Zonerefferers:
- Your Zone URL
kxcdn.com(required for loading web fonts e.g. Font Awesome)
- Your Origin URL (e.g. yourwebsite.com)
- Your Zonealias if you have one (e.g. cdn.yourwebsite.com).
You can also specify if you want to allow empty referrers or not from your zone’s advanced features section.
This is set to enabled by default (which will allow empty referrers). However if you want additional protection you may set this to disabled therefore returning a
403 error to all requests without a HTTP referrer field.
Hotlink Protection Verification Example
The following cURL examples can be used to test if your Zonerefferers are properly set up. You can also use our HTTP Check tool to check this.
$ curl -I -H 'Referer: http://www.yourwebsite.com' http://<zonename>-<hexID>.kxcdn.com/path/to/your/asset.jpg HTTP/1.1 200 OK Server: keycdn-engine Date: Fri, 15 Aug 2014 19:14:07 GMT Content-Type: text/html Content-Length: 1467 Last-Modified: Wed, 2 Jul 2014 12:57:48 GMT Connection: keep-alive ETag: "53c676cc-5bb" X-Edge-Location: defr Accept-Ranges: bytes $ curl -I -H 'Referer: http://www.notyourwebsite.com' http://<zonename>-<hexID>.kxcdn.com/path/to/your/asset.jpg HTTP/1.1 403 Forbidden Server: keycdn-engine Date: Fri, 15 Aug 2014 19:14:16 GMT Content-Type: text/html Content-Length: 1596 Connection: keep-alive ETag: "53f77ee7-63c"