...perhaps I should rephrase - is there such a thing as an 'internal' header?

Thanks for any help : )

No, there is no such thing as an "internal header," and the flash is processed client-side anyway, so the request is not "internal." The other thread on hotlinking pretty much covers all the workable approaches, from referrer-based checking (easy, but not even close to perfect), to the scripted approach (fairly solid), and changing the URLs periodically (also quite effective if done automatically).

Once the image is in the client's browser cache, it's a simple matter for the user to save the image from there. So, don't work too-too hard to make thios bulletproof, because it can't be. We can make things difficult for amateurs and for anyone in a hurry, but it's pretty difficult to make image copying "impossible." A combination of the previously-discussed anti-hotlinking techniques and watermarking may be your best solution.

Jim

Understood, Jim, thanks for the input - I'll read that thread more in detail.

I had to read up a bit more on the workings of the flash plug-in as well - and it behaves not so much differently (in loading external images and such) from any normal html. I was thinking that it was the flash player calling for the image and that it would be possible to block any image request not coming from a flash player... but the flash request seems to send all the usual headers.

Thanks again, take care,

Josefu.