Skip to main content


Hotlinking is a definition used to describe the practice of embedding a multimedia object on a website that is hosted on a different server. Through hotlinking you can integrate images, videos or even JavaScript on your website, in order to increase the functionality or attractiveness of the page. If the relationship through an embed code is done without agreement from the image provider, it is called traffic theft. Synonyms for hotlinking are inline links, leeching, or piggy-backing.


Hotlinking is based on the fact that http does not distinguish between different links and treats all links equally, regardless of whether all link destinations are hosted on the same server. Therefore, different items can be integrated into a website, even if your content is retrieved from different hosts and appears as a single image in the browser. Once a browser retrieves the content from a web portal, it will start with the text within the HTML document. There may be links and scripts embedded within this document that will initiate the loading of other files. If the browser retrieves images from the root URL, or from external sources, it makes no difference to the presentation. The affected web portal or, rather, the server on which the site is hosted, you benefit from less data volume, since the content of the online link is loaded from another server. Therefore, the web portal can benefit from a shorter loading time despite the multiple contents of the media. However, the webmaster then depends on the external source having the integrated resource at all times. Common examples of desired direct links are videos from YouTube or other video platforms, as well as widgets or online frames from news sites.

Traffic theft

When hotlinking is not explicitly allowed, many times it is considered as a traffic robbery. A common example of this is the posting of image links on forums. A user integrates a link to the image of a product that he likes in his forum message. Each time the image is retrieved, an additional load will be placed on the destination link server. In crowded forums, this can have a huge impact on host traffic, without the image owner getting any direct visitors to your website. In many cases, this type of hotlinking is not done with bad intentions. However, there are cases in which iframes are deliberately used to divert traffic from other sites. An example of arbitrary traffic control can be found many times in Google's SERPs image. The link source specified for an image displayed on the results page has the image included only as a direct link and is not a link to the web portal of the actual source.


The online link or hotlinking can be done in different ways:

  • Webmasters can knowingly control traffic to their servers by outsourcing image or video resources to different servers or subdomains. When accessing the web, the text comes from the domain and the images from
  • Images or videos from other hosts are embedded via the src attribute and the HTML iframe element. Example: The site URL is and the images are embedded via src = »».
  • Banners are not usually hosted on their own server, but integrated through external websites.
  • If content delivery networks are used, media onboarding is often done through hotlinking.
  • The widgets of news websites or weather services are usually integrated by hotlinking.

Criminal hotlinking

By including direct links on your website, there is a risk that users will be directed to malware sites. Visitors will not be able to recognize at first glance whether the links on the page they visited lead to trust goals. It offers scammers the ability to exploit confidential user data through scripts and phishing between sites or reading user traffic. This can be done specifically through built-in JavaScript items. At the same time, the page that provides the direct links does not have direct control over the content of the iframes and can only delete them from the source code in extreme cases.


Unwanted direct links can be avoided mainly with security techniques in browsers. If a link on an embedded medium, for example, goes to an untrusted source, the browser prevents loading or asks the user if the content should be loaded. Ad blockers can also accomplish this task. There are different options available to webmasters to avoid hotlinking. Unwanted hotlinking can be detected by HTTP referrers. The server can be configured with PHP or in the case of Apache by modulation rewriting in such a way that your server's media cannot be included in other sites or a blank document appears.

Hotlinking and copyright

The legal situation for the incorporation of external content through hotlinking is not clear today, since the source of the integrated medium is indicated in the reference link and the medium itself is not modified. It is often a question of interpretation whether the hotlinking is copyright infringement or not. According to a ruling of the Court of Justice of the European Community, hotlinking is allowed if the content has been uploaded to the Internet and it is enabled totally free for anyone. It becomes a problem if images or videos are included that were not intended for public distribution. If you want to ensure that you can use media from another host on your web portal, you must first ask the operator of the other web portal and get a confirmation.

Advantages for usability

Hotlinking can be very beneficial for the usability of a web portal. If a web portal receives additional "rich content" through videos or images, it will be more attractive to users, which will increase the length of stay and the interaction rate. This, in turn, can have a positive impact on Google's evaluation of the site. Since the hotlinking reduces server load And so, increases page loading speed When inserting additional image or video material, it is also technologically beneficial. A disadvantage, however, is that webmasters do not have any direct influence on the content that is inserted through online links. If a video is changed or an image is removed from the external host, it will no longer be available on your site. Therefore, if you embed media, you should periodically verify that all resources are still accessible for guarantee maximum usability for your visitors. At the same time, care must be taken that external content is not used for criminal purposes. Depending on the type of medium that is integrated, it may be necessary to adapt the Privacy Policy of your website. Examples of this are Facebook's built-in widgets or "Like" buttons.