How can I protect images and other content on my Web site?

This page is showing a generic answer.
To see a more detailed answer customized for you, type your domain name here:

Customers occasionally ask us if it's possible to prevent visitors from saving, printing, or linking to images and other content on their Web sites. There's no foolproof way to do this, but the tips below may help.

Preventing visitors from saving or printing images or Web pages

It's difficult to prevent people from saving or printing pictures from your Web site while still providing public access. Several schemes can accomplish this to some degree, although all of them have their drawbacks. This page lists a few of them, but all you can really do is make it more difficult: if people can see the content on their screens, there will be some way for them to copy it.

You might also want to consider using a "robots.txt" file to prevent search engines like Google from indexing some pages and images. Doing this can have a large effect on the number of people who copy your images, because many people simply perform a Google image search when looking for pictures.

The only certain way to protect your pages and images is to only allow trusted people to see them. You can make this happen by password protecting part of your Web site.

Preventing other sites from "hotlinking" to your images

Hotlinking refers to other sites embedding your images (or other content) within their Web pages. It's not the same thing as when the other site owner saves a copy of the image and places it on his or her own site: with hotlinking, the image still comes from our servers. Many site owners object to this in principle, although it’s less of an issue now than it was years ago since we never charge bandwidth fees.

While you can't completely prevent hotlinking, advanced users can create rules in .htaccess files to block it in some cases.

To block just certain sites from hotlinking your images, list their specific domain names. This will block hotlinking from “evil-hotlinker.com”:

RewriteEngine on
RewriteCond %{HTTP_REFERER} evil-hotlinker.com$ [nocase]
RewriteRule \.(gif|jpg|jpeg|png)$ - [forbidden]

And this will block hotlinking from “evil-hotlinker.com”, “a-second-hotlinker.net” and “another-hotlinker.org”:

RewriteEngine on
RewriteCond %{HTTP_REFERER} evil-hotlinker.com$ [nocase,OR]
RewriteCond %{HTTP_REFERER} a-second-hotlinker.net$ [nocase,OR]
RewriteCond %{HTTP_REFERER} another-hotlinker.org$ [nocase]
RewriteRule \.(gif|jpg|jpeg|png)$ - [forbidden]

It’s also possible to block hotlinking from every domain name except your own. Be sure you know what you're doing, though: there may be legitimate reasons for other sites to appear to "hotlink" your images. One example is that if your site offers RSS feeds and a visitor uses a Web-based feed reader to view the pages, the other site may "embed" your images in their own page as part of the preview. The techniques below would block those image requests.

Most people should not do this.

We don't recommend following the instructions below unless you really understand how the Web and HTTP referers work, and hotlinking is causing a serious problem you can’t solve any other way. You can easily prevent legitimate visitors from seeing your site's images if you aren't careful.

These lines will block images from being displayed on sites other than example.com (this actually allows access for any hostname ending in example.com, including www.example.com and subdomain misspellings like ww.example.com):

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !example.com/ [nocase]
RewriteRule \.(gif|jpg|jpeg|png)$ - [forbidden]

If you link to your images from other sites, you can add them as additional allowed domain names. For example, this will allow your images to appear on "www.example.net" and "www.example.org" as well as your own site:

RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !example.com/ [nocase]
RewriteCond %{HTTP_REFERER} !example.net/ [nocase]
RewriteCond %{HTTP_REFERER} !example.org/ [nocase]
RewriteRule \.(gif|jpg|jpeg|png)$ - [forbidden]

Again, this system is not foolproof — visitors who use privacy-enhancing software that blocks a browser's "referer" information will still see hotlinked images, for example — but it blocks most of it.

By the way, if you add this protection to your site and it doesn't seem to block images when you test it, it's probably because the images are already in your Web browser's cache. Instead, test it from a different computer that has never loaded the images before.