Hot-link protection
Block other websites from linking to your content. This is useful for protecting images.
export default {  async fetch(request) {    const HOMEPAGE_URL = "https://tutorial.cloudflareworkers.com/";    const PROTECTED_TYPE = "image/";
    // Fetch the original request    const response = await fetch(request);
    // If it's an image, engage hotlink protection based on the    // Referer header.    const referer = request.headers.get("Referer");    const contentType = response.headers.get("Content-Type") || "";
    if (referer && contentType.startsWith(PROTECTED_TYPE)) {      // If the hostnames don't match, it's a hotlink      if (new URL(referer).hostname !== new URL(request.url).hostname) {        // Redirect the user to your website        return Response.redirect(HOMEPAGE_URL, 302);      }    }
    // Everything is fine, return the response normally.    return response;  },};export default {  async fetch(request): Promise<Response> {    const HOMEPAGE_URL = "https://tutorial.cloudflareworkers.com/";    const PROTECTED_TYPE = "image/";
    // Fetch the original request    const response = await fetch(request);
    // If it's an image, engage hotlink protection based on the    // Referer header.    const referer = request.headers.get("Referer");    const contentType = response.headers.get("Content-Type") || "";
    if (referer && contentType.startsWith(PROTECTED_TYPE)) {      // If the hostnames don't match, it's a hotlink      if (new URL(referer).hostname !== new URL(request.url).hostname) {        // Redirect the user to your website        return Response.redirect(HOMEPAGE_URL, 302);      }    }
    // Everything is fine, return the response normally.    return response;  },} satisfies ExportedHandler;from js import Response, URL, fetch
async def on_fetch(request):    homepage_url = "https://tutorial.cloudflareworkers.com/"    protected_type = "image/"
    # Fetch the original request    response = await fetch(request)
    # If it's an image, engage hotlink protection based on the referer header    referer = request.headers["Referer"]    content_type = response.headers["Content-Type"] or ""
    if referer and content_type.startswith(protected_type):        # If the hostnames don't match, it's a hotlink        if URL.new(referer).hostname != URL.new(request.url).hostname:            # Redirect the user to your website            return Response.redirect(homepage_url, 302)
    # Everything is fine, return the response normally    return responseWas this helpful?
- Resources
- API
- New to Cloudflare?
- Products
- Sponsorships
- Open Source
- Support
- Help Center
- System Status
- Compliance
- GDPR
- Company
- cloudflare.com
- Our team
- Careers
- 2025 Cloudflare, Inc.
- Privacy Policy
- Terms of Use
- Report Security Issues
- Trademark