Detailed photo of web man shown in smaller and much lower quality

Image quality degradation as a hotlink prevention measure and deterrent

Hotlink protection is the practice of serving different images based on the HTTP Referer (sic) header. In other words, serving one image when the image is requested from a page on your own website and then serve a different image when it’s served from a page on another website. When websites include images from other websites without permissions, this is known as “hotlinking”.

Early-web hotlink protection measures were crude and not very sexy when seen with a modern eye. Yet its deployed by many websites because bandwidth still isn’t free and people who don’t know any better or just doesn’t care about free-loading the bandwidth of other websites continue to hotlink images.

Embedding/inline-loading is much more common now and it’s considered legitimate in many more contexts because of popular web reading list services, feed readers, social news sites, web mail, aggregates, etc. Maintaining a whitelist of the services you approve of individually is impractical and would have to be constantly fine-tuned.

You definitively don’t want to shout at potential visitors who’re coming to your website from their webmail or social network sites about them stealing bandwidth. Yet this is exactly what many websites do.

As hotlinking can’t really be prevented in any meaningful way, I like to focus on reducing it’s impact on my server and bandwidth instead. A hotlinked image will be siphoning server resources no matter what you do, so let us rather make the best of the situation.


Feature image based on a photo by © 2015 Christopher J. Campbell. The article author waives all copyrights and related or neighboring rights to the code and configuration examples provided in this article. They’re provided as-is without any guarantee of functionality nor anything else.