Information about Inline Linking

Inline linking is the placing of a linked object, often an image, from one site into a web page belonging to a second site. The second site is said to have an inline link to the site where the object is located. Inline linking is also known as hotlinking, leeching, piggy-backing, direct linking or bandwidth theft.

Web browsers do not distinguish between an HTML reference for an image on the same server and one on a different server even if it is entirely located on a different site. Both links would be written with the same HTML "tag".

When a web site is visited, the browser first downloads the textual content in the form of an HTML document. The downloaded HTML document may call for other HTML and/or stylesheet files to be processed. These files may contain <img> tags which supply the URLs that allows images to display on the page. Normally, these are "relative" URLs that refer to images on the same server:

>

HTML also permits absolute URLs that refer to images hosted on other servers:

>

When a browser downloads an HTML page containing such an image, the browser will contact the remote server to request the image content.

The ability to display content from one site within another is part of the original design of the Web's hypertext medium. There are legitimate uses of inline linking:

• Web architects may deliberately segregate the images of a site on one server or a group of servers. Hosting images on separate servers allows the site to divide the bandwidth requirements between servers. As an example, the high-volume site Slashdot stores its "front page" at slashdot.org; individual stories on servers such as games.slashdot.org or it.slashdot.org; and serves images for each host from images.slashdot.org.
• Many web pages include banner ads. Banner ads are images hosted by a company that acts as middleman between the advertisers and the web sites on which the ads appear. The <img> tag may specify an URL to a CGI script on the ad server, including a string uniquely identifying the site producing the traffic, and possibly other information about the person viewing the ad, previously collected and associated with a cookie. The CGI script determines which image to send in response to the request.

The blurring of boundaries between sites can lead to other problems when the site violates users' expectations, as in the case of cross-site scripting. Phishing attacks may embed elements of a legitimate site to gain the confidence of a victim.

This has sometimes been controversial because it is possible that the site where the object is stored and from which it is retrieved will not like the new placement or will consider it to be bandwidth theft: a site owner may incur additional expense for using more bandwidth. Inline linking to an image stored on another site increases the bandwidth use of that site even though the site is not being viewed as intended. Some servers are programmed to use the HTTP referer to detect hot-linking and return a condemnatory message, commonly in the same format, in place of the expected image or media clip.

Forms of hotlinking also include video files, music (or mp3) files, animations (such as Flash). Most types of electronic media are susceptible to inline linking.

Protection

Apache servers can be configured to partially protect hosted media from inline linking, usually by not serving the media or by serving a different file[1]. On Microsoft's Internet Information Services Web servers, there are a number of third party tools available to combat inline linking and hotlinking, including LinkDeny [2] and ColdLink [3].

See also

• Deep linking
• Off Page Optimisation