Hubbry Logo
Inline linkingInline linkingMain
Open search
Inline linking
Community hub
Inline linking
logo
7 pages, 0 posts
0 subscribers
Be the first to start a discussion here.
Be the first to start a discussion here.
Inline linking
Inline linking
Inline linking
View on Wikipedia
from Wikipedia
Not found
Revisions and contributorsEdit on WikipediaRead on Wikipedia

Inline linking

View on Grokipedia
from Grokipedia
Inline linking, also known as hotlinking or direct linking, refers to the practice of external content—such as images, videos, or other media files—directly into a webpage using code, where the content is hosted on a third-party server rather than being downloaded and stored on the linking site itself. This technique typically involves using tags like <img src="external-url"> for images, allowing the browser to fetch and render the resource inline with the surrounding content without the user leaving the page. Technically, inline linking leverages HTTP requests to retrieve the embedded object from its original host each time the page loads, which can improve page load times for the linking site by offloading storage and bandwidth costs but places the burden on the source server. Common legitimate uses include platforms embedding user-generated images or news sites displaying thumbnails from stock photo services with permission, enhancing content richness without duplicating files. However, it is often controversial when done without authorization, as it can consume the host's bandwidth and resources—sometimes referred to as ""—potentially increasing hosting costs or slowing down the source site. From a legal perspective, inline linking has sparked debates over , particularly whether displaying externally hosted content constitutes unauthorized or public display. , a landmark 2023 ruling by the Ninth Circuit Court of Appeals held that embedding links to publicly posted Instagram photos does not infringe copyrights, as it merely points to existing displays rather than copying the files—a decision affirmed by the U.S. Supreme Court's denial of in 2025. Despite this, outcomes can vary by ; for instance, the Court of Justice of the has ruled that unauthorized of images via framing can constitute infringement if it circumvents technical measures restricting access to the content. To mitigate risks, website owners often implement hotlink protection measures, such as referrer checking or token-based authentication, to block unauthorized embeds.

Fundamentals

Definition and Overview

Inline linking, also known as hotlinking or leeching, is the practice of embedding and displaying resources such as images, videos, or scripts from an external server directly within a webpage by referencing their , without hosting the resource on the linking site's own server. This method allows the content to be fetched and rendered client-side by the user's browser, integrating the external resource seamlessly into the page's layout as if it were local. The technique emerged in the early 1990s alongside the development of HTTP and standards, with the NCSA browser's release on April 22, 1993, marking a pivotal moment by introducing the ability to display images inline with text for the first time. Prior to this, web browsers like those based on earlier hypertext systems treated images as separate entities or required manual retrieval, but 's innovation via the <img> tag enabled direct referencing, facilitating widespread adoption of inline linking by 1994 as graphical web content proliferated. Key advantages of inline linking include reduced storage and bandwidth demands on the linking site's server, as the external host bears the load of serving the resource, and the facilitation of dynamic content sharing where updates to the original file automatically reflect on the embedding page without manual intervention. For instance, a webpage can embed an image using <img src="https://external-site.com/image.jpg">, contrasting with local hosting where the file would be uploaded and served from the site's own domain, such as <img src="https://grokipedia.com/local-images/image.jpg">. Unlike server-side includes (SSI), which involve directives processed on the web server to dynamically insert content before the page is sent to the client—such as embedding variables or files via server directives like <!--#include virtual="file.html" -->—inline linking occurs entirely client-side, with the browser independently requesting and rendering the external resource via its URL. This distinction ensures that inline linking does not require server-side scripting or configuration, relying instead on standard HTML interpretation.

Technical Implementation via HTTP

Inline linking operates through standard HTTP mechanisms, where a , upon loading an document, parses elements such as <img> or <object> that reference external resources via absolute in attributes like src or href. This parsing triggers the browser to initiate an HTTP GET request to the specified URL on the remote server, typically immediately after the relevant is encountered during document rendering. The request includes headers such as User-Agent to identify the client and Referer indicating the originating page, though the latter may be omitted or stripped for privacy reasons. Upon receiving the GET request, the remote server authenticates the request if necessary, locates the , and sends a response starting with an HTTP status code. For successful retrieval, the server issues a 200 status, accompanied by response headers including Content-Type to specify the type—such as image/jpeg for files or image/png for —which informs the browser how to interpret and render the binary data in the response body. The body contains the raw data, which the browser then decodes and displays inline within the page layout. If compression is enabled via headers like Content-Encoding: gzip, the browser decompresses the payload before processing. This request-response flow ensures the external integrates seamlessly into the host page without requiring the host server to store or serve the content itself. Cross-origin inline linking, where the resource URL differs in scheme, host, or port from the host page, generally proceeds without restrictions for simple display purposes, as browsers permit fetching and rendering images from other origins by default. However, if the page's attempts to access the loaded image data—such as drawing it to a <canvas> element—CORS () comes into play. The <img> element's crossorigin attribute can be set to anonymous or use-credentials to initiate a CORS-enabled fetch, prompting the server to include headers like Access-Control-Allow-Origin in its response to authorize the cross-origin access; without these, the browser blocks pixel-level manipulation to prevent data leakage. Servers may also use Cross-Origin-Resource-Policy (CORP) headers to further restrict no-cors cross-origin fetches, enhancing security against unauthorized embedding. From a performance perspective, inline linking introduces additional network latency due to the separate HTTP requests for each external resource, potentially delaying page compared to locally hosted assets. Browsers mitigate this through caching mechanisms defined by HTTP headers: the Cache-Control directive (e.g., max-age=3600) instructs the browser or intermediate proxies on storage duration, while ETag or Last-Modified enables conditional requests for validation on subsequent loads. Content Delivery Networks (CDNs) further optimize by caching resources at edge servers worldwide, reducing round-trip times for repeated or geographically distant fetches. In practice, these features can significantly lower the effective latency for inline resources, though uncached cross-origin fetches still contribute to initial load times. Modern HTTP versions address inefficiencies in resource loading via . HTTP/2 streams multiple requests and responses over a single TCP connection, eliminating the need for parallel connections and reducing , which accelerates the concurrent fetching of numerous inline assets like images and stylesheets. HTTP/3 builds on this by using over UDP, providing native multiplexing, faster handshakes, and better loss recovery, further minimizing latency for inline linking in high-latency or lossy networks. Edge cases include error responses: if a resource is missing, the server returns a 404 Not Found status, prompting the browser to handle the failure gracefully—often by displaying an alternate placeholder or broken icon—without halting page rendering.

Applications

Legitimate Uses

Inline linking facilitates content syndication by enabling websites to embed shared media from external platforms without duplicating files, thereby reducing storage needs and ensuring content remains up-to-date at the source. For instance, the oEmbed specification allows seamless integration of videos from or photos from directly into web pages via simple references, which the provider's converts into embeddable code that loads the media inline. This approach promotes efficient sharing across sites while respecting the original host's infrastructure and bandwidth management. In dynamic applications, inline linking supports real-time content updates through external APIs, such as weather widgets from services like or stock tickers from financial APIs like Alpha Vantage, where scripts fetch and display live without requiring server-side hosting. These implementations leverage HTTP requests to pull fresh on page load or via periodic refreshes, enhancing user engagement with timely, accurate visuals like current temperature maps or fluctuating share prices. This method minimizes development overhead and ensures scalability for high-traffic sites needing constant . Collaborative platforms, including wikis and online forums, commonly employ inline linking for user-contributed images hosted on third-party services like , allowing contributors to upload media externally and reference it directly in posts or edits. This practice streamlines by offloading storage and delivery to specialized hosts, fostering participation without burdening the platform's resources. For example, in forums, users paste Imgur direct links into image tags, enabling inline display that enriches discussions with visuals while maintaining the original file's integrity and availability. Inline linking offers SEO and advantages by preserving metadata from the source, such as alt text for images, which aids screen readers and without alteration during embedding. When served via external Content Delivery Networks (CDNs), it supports responsive by delivering optimized images based on user device and location, improving load times and mobile compatibility. Specific examples include social media embeds like X (formerly ) Cards, introduced in 2012, which inline rich previews of articles or media to boost click-through rates and traffic. In , retailers often inline product images from supplier servers to accelerate site setup, cut hosting costs, and ensure images reflect the latest inventory visuals.

Controversial and Abusive Uses

One prominent abusive use of inline linking is bandwidth theft, commonly known as hotlinking, where websites embed images, videos, or other media directly from another site's server to avoid their own hosting costs. This practice forces the source server to handle all delivery requests, resulting in unexpected traffic spikes that can significantly increase operational expenses and degrade performance for legitimate users. For instance, hotlinking can consume substantial bandwidth, with one documented case from 2008-2009 showing a victim server transmitting an average of 1.7 GB daily due to unauthorized image links, peaking at 22.7 GB and ultimately leading to a crash after 40 days of sustained . Such misuse disrupts web ecosystems by shifting resource burdens unfairly, often prompting hosting providers to impose fees or suspend services when quotas are exceeded. In the context of , inline linking enables leeching by allowing sites to reference copyrighted media—such as videos or software—hosted on third-party file-sharing platforms without uploading the content themselves. This evades direct hosting bans, as pirates can reverse-engineer access to content delivery networks (CDNs) and embed links to or illicit material across multiple platforms, complicating efforts. For example, CDN leeching has emerged as a sophisticated method for redistributing premium video content, where unauthorized links exploit global server distributions to bypass geographic and legal restrictions, thereby inflating data demands on legitimate providers. The impacts include elevated costs for content owners, reduced for paying subscribers, and broader proliferation of pirated works that undermine revenue streams. Additionally, studies indicate that up to 33.8% of analyzed sites hotlink multiple software packages, facilitating the unauthorized distribution of potentially pirated files while dodging prosecution through non-hosting. Deliberate overuse of inline linking can manifest as resource exhaustion attacks, akin to low-level distributed denial-of-service (DDoS) efforts, where coordinated hotlinks to large files overwhelm target servers with fetch requests. This exhausts bandwidth and computational resources, slowing or crashing sites; for instance, hotlinking of media files like images or PDFs generates repeated server hits, simulating DDoS by draining CPU and memory without sophisticated tools. In web ecosystems, this leads to for affected services, financial losses from emergency scaling, and exploitation, as seen in cases where external sites' embeds cause disproportionate load on origin servers. Historical incidents highlight the evolution of these abuses, particularly in the early when forum communities engaged in "hotlinking wars" to sabotage competitors by embedding resource-intensive links, causing server overloads and crashes. Measurements from that era reveal widespread prevalence, with 75% of sampled sites hotlinking images, often in blogging and forum contexts where unauthorized embeds peaked at over 165,000 daily requests, crippling small hosts. In modern examples, aggregation sites have hotlinked images from platforms like without permission, as illustrated by a 2015 case where Huffington Post embedded comics from , spiking bandwidth costs and prompting retaliatory alterations to the linked content. More recently, as of 2025, AI tools like have been observed hotlinking images in generated responses, embedding external media without caching, which can strain source servers and prompt protective measures. These events underscore ongoing tensions in content sharing, eroding trust and incentivizing protective measures across the web.

Mitigation Strategies

Client-Side Prevention

Client-side prevention of inline linking, also known as hotlinking, relies on browser-level and user-initiated mechanisms to detect and restrict the loading of external resources embedded directly into web pages. These techniques empower users to control resource fetches, particularly cross-origin ones that bypass server-side protections, by intervening at the point of request or rendering. Such methods are essential for mitigating bandwidth theft and risks associated with unauthorized embeds, though their effectiveness depends on user configuration and browser support. Browser extensions provide a primary tool for users to block cross-origin resource loads, often through customizable filters and domain whitelists. For instance, , a widely used open-source content blocker, employs network filtering rules to prevent the loading of images, scripts, and other media from untrusted domains, effectively stopping hotlinked content by intercepting HTTP requests before they reach external servers. Similarly, focuses on script execution but extends to blocking inline and remote elements like frames and objects from non-whitelisted sites, allowing users to selectively permit resources only from trusted origins to avoid exploitation via embedded third-party content. These extensions operate transparently in the background, updating filter lists from community-maintained sources to target known abusive linking patterns without requiring server intervention. Content Security Policy (CSP) serves as another client-enforced mechanism, implemented via HTTP headers or meta tags in , to restrict the sources from which resources such as images and scripts can be loaded. Browsers like and Chrome parse CSP directives—such as img-src 'self'—to confine inline embeds to the same origin, blocking attempts to fetch media from external domains and thereby preventing hotlinking at the rendering stage. This policy, standardized by the W3C, enhances user control by allowing site owners to declare trusted sources, with the browser rejecting non-compliant loads to mitigate risks like through unauthorized embeds. User agent modifications, including VPNs and proxies, offer additional layers of prevention by intercepting and rewriting outbound requests to thwart direct external fetches. Privacy-oriented proxies can apply rewriting rules to redirect or nullify hotlinked resource paths, ensuring that cross-origin links resolve to local placeholders or are outright blocked based on predefined policies. While not exclusively designed for hotlinking, these tools integrate content filtering to anonymize traffic and prevent bandwidth-draining embeds, particularly in enterprise or high-privacy setups. Privacy-focused browsers incorporate built-in features to default-block third-party trackers and inline embeds, reducing the need for manual extensions. Brave's Shields system, for example, aggressively filters cross-site resources, including embedded images and scripts from external domains, by default to curb tracking and unauthorized linking. Likewise, Firefox's Enhanced Tracking Protection automatically blocks content from known tracking domains, which often overlap with hotlinking sources, using curated blocklists to prevent inline loads in both standard and private browsing modes. These browsers prioritize user privacy by enforcing strict cross-origin policies out of the box, making prevention more accessible without additional setup. Despite their utility, client-side prevention methods have inherent limitations, as they remain user-dependent and vulnerable to circumvention. requires active installation and configuration of extensions or selection of specific browsers, leaving less tech-savvy users exposed to hotlinking. Moreover, sophisticated embeds—such as those using data URIs, same-origin proxies, or obfuscated scripts—can evade filters, as these techniques do not alter the underlying HTTP mechanics and rely on the user's vigilance for updates. Overall, while effective for proactive users, these approaches complement rather than fully replace server-side controls.

Server-Side Prevention

Server-side prevention of inline linking, often referred to as hotlinking, involves configuring web servers to detect and restrict unauthorized requests for embedded resources such as images, stylesheets, or scripts. These methods rely on server-side logic to inspect incoming requests and respond accordingly, thereby protecting bandwidth and resources from external sites embedding content without permission. Common techniques include header validation, , content alteration, authorization tokens, automated monitoring, and standards-based policies. One primary approach is checking the HTTP Referer header, which indicates the originating of the request. Servers can deny or redirect requests lacking a valid referer from authorized domains. For instance, in using the mod_rewrite module, administrators configure rules to forbid access to specific file types if the referer does not match the site's domain. An example configuration in .htaccess or httpd.conf might include:

RewriteEngine On RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC] RewriteRule \.(gif|jpg|png)$ - [F,NC]

RewriteEngine On RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^https?://(www\.)?example\.com [NC] RewriteRule \.(gif|jpg|png)$ - [F,NC]

This setup returns a 403 Forbidden status for image requests from unauthorized sources, though it can be bypassed by clients omitting the referer header. IP-based throttles excessive requests from suspicious sources, reducing the impact of frequent inline fetches. In , the ngx_http_limit_req_module implements a "leaky bucket" algorithm to cap requests per , using zones for tracking. A typical directive limits each IP to one request per second with a burst allowance:

http { limit_req_zone $binary_remote_addr zone=hotlink:10m rate=1r/s; ... [location](/page/Location) ~* \.(jpg|jpeg|png|gif)$ { limit_req zone=hotlink burst=5 nodelay; } }

http { limit_req_zone $binary_remote_addr zone=hotlink:10m rate=1r/s; ... [location](/page/Location) ~* \.(jpg|jpeg|png|gif)$ { limit_req zone=hotlink burst=5 nodelay; } }

This prevents by delaying or rejecting overloads, applicable to inline linking scenarios where external sites repeatedly pull resources. To deter misuse further, servers can serve altered resources or issue redirects for detected hotlinking. Upon identifying invalid requests via referer checks, the server might deliver a watermarked version of the —overlaying text or to attribute —or redirect to a custom page. In , mod_rewrite can proxy such requests to a script that applies watermarks dynamically using tools like , caching results to minimize processing overhead. Alternatively, a simple 403 Forbidden response or redirect to the site's homepage enforces policy without serving content. These responses maintain control over resources while signaling . Token-based enhances by requiring explicit permission for access, particularly for cloud-stored assets. Services like use presigned URLs, which embed temporary signatures generated with AWS credentials, granting time-limited access (up to 7 days via ) to private objects. Legitimate inline linking involves generating these URLs server-side for approved clients, ensuring external sites cannot directly embed or hotlink without invalidation upon expiration. This method prevents unauthorized sharing by tying access to specific, short-lived tokens rather than public URLs. The Cross-Origin-Resource-Policy (CORP) HTTP response header provides a standardized way to control cross-origin access to resources. Set by the server hosting the content, CORP instructs browsers to block loading of the resource in cross-origin contexts unless explicitly allowed. Possible values include same-origin (blocks cross-origin loads), same-site (allows same-site but blocks cross-origin), and cross-origin (allows all). As of 2025, CORP is supported in major browsers including Chrome, , , and Edge. It complements referrer checks by enforcing policy at the browser level without relying on client headers, though it does not apply to CORS-enabled fetches. Content delivery networks (CDNs) like offer integrated hotlink protection, combining referrer validation with additional features such as bot detection and country-based blocking to prevent unauthorized embeds. These services offload processing from origin servers while applying rules at the edge. Advanced monitoring complements these controls through log analysis tools that automatically ban repeat offenders. Fail2Ban scans logs for patterns indicating hotlinking attempts, such as repeated invalid referer requests to image paths, and adds IP blocks via or similar firewalls. Custom filters define regex matches for abuse signatures, triggering bans after a threshold (e.g., 5 failures in 10 minutes) for durations like 1 hour. This proactive banning reduces ongoing threats without manual intervention. Inline linking intersects with primarily through the exclusive rights to and public display granted to owners. In the United States, under 17 U.S.C. § 106(5), holders possess the exclusive right to publicly display their works, which courts have interpreted to potentially encompass inline linking or , even when the content is not stored locally on the linking site but retrieved directly from the original server. This interpretation posits that inline linking constitutes a "display" because the linked content appears integrated into the linking page, facilitating unauthorized exhibition without the owner's permission, though it typically does not involve since no fixed copy is made on the linker's server. The doctrine under 17 U.S.C. § 107 may provide a defense in certain contexts, particularly for transformative uses such as thumbnails in results, where reduced-resolution previews serve an informational purpose without supplanting the original work's market. In contrast, direct embeds of full-resolution images or media via inline linking are less likely to qualify as , as they often lack substantial transformation and may compete directly with the original, potentially harming the holder's commercial interests. Internationally, approaches vary, with the European Union's Directive 2001/29/EC (InfoSoc Directive) permitting temporary reproductions under Article 5(1) when they are transient, incidental, and solely for technical transmission in a network, such as caching required for inline linking to enable efficient display. This exception contrasts with the stricter mechanisms in the U.S. (DMCA), 17 U.S.C. § 512, which facilitates takedown notices for alleged infringements, including inline links deemed to violate display rights, requiring service providers to remove or disable access upon notification to maintain safe harbor protections. Moral rights, as enshrined in Article 6bis of the for the Protection of Literary and Artistic Works, further complicate inline linking by protecting creators' rights to attribution (paternity) and , independent of economic rights. Inline embeds that fail to credit the original or alter the work's context—such as juxtaposing it with unrelated content—can infringe these rights, particularly in jurisdictions like the where are robustly enforced, unlike the more limited protections in the U.S. under the (VARA), 17 U.S.C. §§ 106A–106B. Post-2020 developments have introduced evolving challenges, particularly with inline linking to AI-generated content or non-fungible tokens (NFTs), where unclear authorship and ownership raise novel IP questions; for instance, AI outputs often lack eligibility due to absent human authorship, yet linking to them may still implicate underlying training data rights, while NFT-linked embeds can blur lines between licensed access and unauthorized display. In 2025, U.S. courts in AI cases, such as those involving and Meta, have applied defenses to training data usage, potentially influencing future assessments of linking to AI-derived works without direct precedents on embeds as of November 2025. In the United States, the case of Perfect 10, Inc. v. Amazon.com, Inc. (2007) established a significant precedent for inline linking of thumbnails. The Ninth Circuit Court of Appeals ruled that Google's creation and display of inline thumbnails from copyrighted images constituted under the Copyright Act, as the thumbnails were transformative and served an informational purpose without harming the market for the original works. This decision emphasized that inline linking to reduced-resolution images does not infringe the copyright holder's display right when the linking party does not host the full copies. In the , Infopaq International A/S v. Danske Dagblades Forening (2009) addressed temporary reproductions involved in inline processes. The Court of Justice of the (CJEU) held that the caching and processing of short text extracts from newspaper articles for media monitoring constituted a "reproduction" under the InfoSoc Directive, even if transient, if the extracts conveyed the originality of the work. This precedent extended to inline linking scenarios where automated caching occurs, requiring assessment of whether such acts interfere with the copyright holder's exclusive rights. The CJEU's decision in GS Media BV v. Sanoma Media BV (2016) introduced liability for to unauthorized content. The court ruled that posting a hyperlink to freely accessible infringing material constitutes a "communication to the public" if done for profit, or if the linker knew or should have known of the illegality, thereby making the linker jointly liable for infringement. This shifted focus to the linker's intent and knowledge, influencing inline linking practices across member states. In , Roadshow Films Pty Ltd v. iiNet Ltd (2012) examined of infringement through facilitation. The unanimously held that the internet service provider did not authorize customers' infringements via , despite receiving infringement notices, as mere provision of and lack of specific control over links did not meet the authorization threshold under the Copyright Act. The decision clarified that passive enabling of links to infringing content does not impose liability without evidence of inducement. India's Super Cassettes Industries Ltd. v. Inc. (2011, with key rulings in 2016) addressed platform liability for including links. The ruled that MySpace, as an , lost safe harbor protections under the Information Technology Act upon gaining actual knowledge of infringing material, holding it liable for hosting and facilitating access to unauthorized music videos via embeds and links. This imposed a duty on platforms to expeditiously remove such content, extending to inline linking of copyrighted works. Post-2020 developments in the U.S. include Hunley v. Instagram, LLC (2023), where the Ninth Circuit affirmed that embedding Instagram photos via inline links does not infringe copyright, as it does not involve displaying a copy fixed in the embedder's system, upholding the server test and dismissing claims against Instagram for secondary liability. Emerging blockchain-related IP disputes have begun to touch on inline linking, such as cases involving non-fungible tokens (NFTs) where platforms link to unauthorized digital art, but specific precedents remain limited, with courts applying traditional copyright doctrines to decentralized embeds. In April 2025, the U.S. denied certiorari in a petition challenging the Ninth Circuit's server test (McGucken v. , LLC), leaving the circuit split unresolved and maintaining uncertainty in embedding liability across jurisdictions. These cases illustrate evolving trends toward stricter liability for knowing facilitation of infringing links, particularly in the and jurisdictions emphasizing platform duties, while U.S. rulings maintain a permissive stance for non-hosting embeds to foster online innovation.

References

  1. https://developer.mozilla.org/en-US/docs/Glossary/Hotlink
  2. https://www.keycdn.com/support/what-is-hotlinking
  3. https://www.yokoco.com/hotlinking-what-it-is-why-it-is-bad-and-how-not-to-do-it/
  4. https://www.vodien.com/learn/hotlinking-what-is-it-and-why-is-it-bad/
  5. https://www.cyberghostvpn.com/glossary/hotlink
  6. https://www.finnegan.com/en/insights/articles/potential-liabilities-for-web-linking-to-copyrighted-content.html
  7. https://www.eff.org/deeplinks/2023/07/victory-embedded-links-photos-instagram-dont-infringe-photographers-copyrights
  8. https://www.nixonpeabody.com/insights/alerts/2025/07/09/supreme-court-declines-to-resolve-looming-split-on-embedded-content-rights
  9. https://curia.europa.eu/juris/document/document.jsf?text=&docid=238287&pageIndex=0&doclang=EN&mode=lst&dir=&occ=first&part=1&cid=123456
  10. https://aws.amazon.com/blogs/security/how-to-prevent-hotlinking-by-using-aws-waf-amazon-cloudfront-and-referer-checking/
  11. https://www.wired.com/2010/04/0422mosaic-web-browser/
  12. https://www.periscopemedia.co/glossary/what-is-a-hotlink
  13. https://httpd.apache.org/docs/current/howto/ssi.html
  14. https://html.spec.whatwg.org/multipage/images.html#img-element
  15. https://datatracker.ietf.org/doc/html/rfc9110#name-request-header-fields
  16. https://datatracker.ietf.org/doc/html/rfc9110#name-content-type
  17. https://datatracker.ietf.org/doc/html/rfc9110#name-response-body
  18. https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cross-Origin-Resource-Policy
  19. https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/Cache-Control
  20. https://datatracker.ietf.org/doc/html/rfc9110#name-conditional-requests
  21. https://developer.mozilla.org/en-US/docs/Glossary/HTTP_2
  22. https://developer.mozilla.org/en-US/docs/Glossary/QUIC
  23. https://datatracker.ietf.org/doc/html/rfc9110#name-status-codes
  24. https://oembed.com/
  25. https://getdevdone.com/blog/embedding-youtube-videos-in-wordpress-best-practices.html
  26. https://www.metroclick.com/digital-signage/software/integrating-weather-updates-and-alerts-into-digital-signage-software-guide/
  27. https://sunriseticker.sunrisesesatech.com/stock-ticker-display
  28. https://www.sweetshoppedesigns.com/tutorials/index.php/2022/03/how-to-link-images-easily-with-imgur/
  29. https://www.vodien.com/learn/image-cdn-for-seo-benefits/
  30. https://developer.mozilla.org/en-US/docs/Learn_web_development/Core/Accessibility/HTML
  31. https://developer.x.com/en/docs/x-for-websites/cards/overview/abouts-cards
  32. https://www.pixelz.com/blog/vendor-images/
  33. https://www.eecis.udel.edu/~hnw/paper/comcom11.pdf
  34. https://www.hostinger.com/tutorials/what-is-hotlinking
  35. https://irdeto.com/blog/the-ins-and-outs-of-cdn-leeching-the-next-generation-of-online-video-piracy
  36. https://www.wearewibble.com/security-a-guide-to-combatting-ddos-and-resource-exhaustion/
  37. https://biztraffic.com/hotlinking-is-bad-for-everyone-involved/
  38. https://www.bentasker.co.uk/posts/blog/general/blocking-chatgpt-from-hotlinking-to-my-media.html
  39. https://ublockorigin.com/
  40. https://noscript.net/usage/
  41. https://www.sciencedirect.com/science/article/abs/pii/S0140366410002422
  42. https://www.hostwinds.com/blog/hotlinking-pitfalls-and-how-to-protect-yourself
  43. https://brave.com/shields/
  44. https://support.mozilla.org/en-US/kb/enhanced-tracking-protection-firefox-desktop
  45. https://developer.mozilla.org/en-US/docs/Web/Privacy/Guides/Firefox_tracking_protection
  46. https://www.hostinger.com/in/tutorials/hotlinking
  47. https://www.ramotion.com/blog/what-is-hotlinking/
  48. https://httpd.apache.org/docs/2.4/rewrite/access.html
  49. https://nginx.org/en/docs/http/ngx_http_limit_req_module.html
  50. https://docs.aws.amazon.com/AmazonS3/latest/userguide/ShareObjectPreSignedURL.html
  51. https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin-Resource-Policy
  52. https://developers.cloudflare.com/waf/tools/scrape-shield/hotlink-protection/
  53. https://www.digitalocean.com/community/tutorials/how-fail2ban-works-to-protect-services-on-a-linux-server
  54. https://www.law.cornell.edu/uscode/text/17/106
  55. https://fordhamlawreview.org/wp-content/uploads/2023/05/Autret_April.pdf
  56. https://www.haynesboone.com/news/publications/two-cases-raise-new-copyright-infringement-concerns-for-internet-linking
  57. https://ir.lawnet.fordham.edu/flr/vol91/iss5/11/
  58. https://fairuse.stanford.edu/overview/website-permissions/linking/
  59. https://lumendatabase.org/topics/22
  60. https://scholarship.law.duke.edu/cgi/viewcontent.cgi?article=1047&context=dltr
  61. https://www.nolo.com/legal-encyclopedia/linking-framing-inlining-30090.html
  62. https://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=CELEX:32001L0029:en:HTML
  63. https://www.clarin.eu/content/copyright-exceptions
  64. https://www.law.cornell.edu/uscode/text/17/512
  65. https://www.copyright.gov/policy/moralrights/full-report.pdf
  66. https://www.copyrightlaws.com/moral-rights-in-u-s-copyright-law/
  67. https://www.copyright.gov/ai/
  68. https://www.congress.gov/crs-product/LSB10922
  69. https://www.martensenip.com/blog/2025/october/ai-copyright-infringement-understanding-ai-copyr/
  70. https://www.ropesgray.com/en/insights/alerts/2025/07/a-tale-of-three-cases-how-fair-use-is-playing-out-in-ai-copyright-lawsuits
  71. https://www.copyright.gov/docs/making_available/making-available-right.pdf
  72. https://ir.lawnet.fordham.edu/cgi/viewcontent.cgi?article=6005&context=flr
  73. https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=celex:62008CJ0005
  74. https://www.ippt.eu/sites/ippt/files/2009/IPPT20090716_ECJ_Infopaq_v_DDF.pdf
  75. https://curia.europa.eu/juris/document/document.jsf?docid=183124&doclang=EN
  76. https://www.wipo.int/en/web/wipo-magazine/articles/european-court-of-justice-hyperlinks-to-unauthorized-content-may-infringe-copyright-39810
  77. https://www.hcourt.gov.au/sites/default/files/assets/publications/judgment-summaries/2012/hcasum16_2012_04_20_iiNet.pdf
  78. http://classic.austlii.edu.au/au/journals/SydLawRw/2013/18.pdf
  79. https://indiankanoon.org/doc/12972852/
  80. https://wilmap.stanford.edu/entries/my-space-inc-vs-super-cassettes-industries-ltd
  81. https://cdn.ca9.uscourts.gov/datastore/opinions/2023/07/17/22-15293.pdf
  82. https://www.wipo.int/documents/d/cws/docs-en-blockchain-for-ip-ecosystem-whitepaper.pdf
  83. https://scholarship.law.columbia.edu/cgi/viewcontent.cgi?article=1042&context=law_media_arts
Add your contribution
Related Hubs
User Avatar
No comments yet.