Cloudflare Docs
Workers
Visit Workers on GitHub
Set theme to dark (⇧+D)

Hot-link protection

Block other websites from linking to your content. This is useful for protecting images.
export default {
async fetch(request) {
const HOMEPAGE_URL = 'https://tutorial.cloudflareworkers.com/';
const PROTECTED_TYPE = 'image/';
// Fetch the original request
const response = await fetch(request);
// If it's an image, engage hotlink protection based on the
// Referer header.
const referer = request.headers.get('Referer');
const contentType = response.headers.get('Content-Type') || '';
if (referer && contentType.startsWith(PROTECTED_TYPE)) {
// If the hostnames don't match, it's a hotlink
if (new URL(referer).hostname !== new URL(request.url).hostname) {
// Redirect the user to your website
return Response.redirect(HOMEPAGE_URL, 302);
}
}
// Everything is fine, return the response normally.
return response;
},
};
const HOMEPAGE_URL = 'https://tutorial.cloudflareworkers.com/';
const PROTECTED_TYPE = 'image/';
async function handleRequest(request) {
// Fetch the original request
const response = await fetch(request);
// If it's an image, engage hotlink protection based on the
// Referer header.
const referer = request.headers.get('Referer');
const contentType = response.headers.get('Content-Type') || '';
if (referer && contentType.startsWith(PROTECTED_TYPE)) {
// If the hostnames don't match, it's a hotlink
if (new URL(referer).hostname !== new URL(request.url).hostname) {
// Redirect the user to your website
return Response.redirect(HOMEPAGE_URL, 302);
}
}
// Everything is fine, return the response normally.
return response;
}
addEventListener('fetch', event => {
event.respondWith(handleRequest(event.request));
});