Random functioning of hotlink blocker?

         

edelen

4:50 pm on Apr 20, 2007 (gmt 0)

10+ Year Member



I had nearly 200,000 hits on my server in the first quarter of this year from MySpace users alone hotlinking to my images (all of which, ironically, are public domain).

I've worked for the last month to stymie this hemorrhage, but I'm mystified as to the random nature of the blocking from the various rewrite codes I've used. No matter what I install, it still lets about 15% of image calls through to MySpace.

For instance, on one MySpace site my image will be blocked and not show, while on another it will show. I check the properties of the image and in both cases it is indeed mine. Same image file from my lone image directory.

I'm not allowing ANY hotlinking from MySpace, so how is it possible that my hotlink blocker works sometimes and not others? I'm blocking all image access except from about seven domains that in no way resemble MySpace.

Thanks in advance for whatever explanation you might have!

jdMorgan

5:51 pm on Apr 20, 2007 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Not all requests provide a referrer. So all accesses can't be blocked by a referrer-based method.

Some users (both from MySpace and from approved sites) will access the images through their ISP or corporate caching proxies. The caching proxy will request the image without a referrer, since it intends to serve the cached image in response to a request from any of the users it serves, which makes the referrer header meaningless.

Some users -- again, both good and 'bad' -- use security software suites. Many of these suites block the referrer information, and their users may be completely unaware of it.

If you 'test' on various sites, be sure to flush your browser cache after every successful image load. Otherwise, the image will now be cached in your browser, and your browser will show you its cached version instead of re-fetching the image from your server. If no request is sent to your server, then obviously the access-control code on your server cannot affect the browser.

You cannot and should not expect any HTTP-referrer-based anti-hotlinking method to be 100% effective. The point is to reduce wasted bandwidth or to make unauthorized display of your images more difficult and unreliable. But there is no 100%-effective method to completely prevent this, short of taking your images off the Web.

Some folks use a cookies-n-script approach to control image access. Others simply rename the images directory occasionally, or even regularly on a schedule. But once an image is stored in a network or browser cache, then your server can no longer control access to it. And making the images non-cacheable simply sends your bandwidth through the roof as well...

Jim
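
An added example (not part of the thread and not any poster's code): a way to measure from the access log how much of the remaining image traffic is the blank-referrer case described above, as opposed to foreign referrers slipping past the rule. It assumes Apache's combined log format; the allowed host names and the sample log lines are constructed placeholders.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Assumption: hosts allowed to embed the images (placeholder names).
ALLOWED_HOSTS = {"example.com", "www.example.com"}
IMAGE_RE = re.compile(r"\.(?:gif|jpe?g|png)$", re.I)
# Combined log format: "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'"(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "(?P<ref>[^"]*)"'
)

def classify(referer):
    """Return 'blank', 'allowed' or 'foreign' for a logged Referer value."""
    if referer in ("", "-"):
        return "blank"  # proxies and privacy suites send no Referer at all
    try:
        host = urlsplit(referer).hostname or ""
    except ValueError:  # malformed URL in the header
        host = ""
    return "allowed" if host in ALLOWED_HOSTS else "foreign"

def tally(lines):
    """Count (referer class, served/denied) pairs for image requests only."""
    counts = Counter()
    for line in lines:
        m = LINE_RE.search(line)
        if not m or not IMAGE_RE.search(urlsplit(m["path"]).path):
            continue
        outcome = "served" if m["status"] in ("200", "304") else "denied"
        counts[(classify(m["ref"]), outcome)] += 1
    return counts

# Constructed sample log lines (not from any real server).
SAMPLE = [
    '203.0.113.5 - - [20/Apr/2007:16:50:01 +0000] "GET /images/rose.jpg HTTP/1.1" 200 48211 "http://www.example.com/gallery.html" "Mozilla/5.0"',
    '198.51.100.7 - - [20/Apr/2007:16:50:02 +0000] "GET /images/rose.jpg HTTP/1.1" 403 209 "http://www.myspace.com/someprofile" "Mozilla/4.0"',
    '198.51.100.9 - - [20/Apr/2007:16:50:03 +0000] "GET /images/rose.jpg HTTP/1.0" 200 48211 "-" "Mozilla/4.0"',
    '192.0.2.44 - - [20/Apr/2007:16:50:04 +0000] "GET /images/fern.png HTTP/1.0" 200 30112 "-" "-"',
    '192.0.2.44 - - [20/Apr/2007:16:50:05 +0000] "GET /index.html HTTP/1.0" 200 5120 "http://www.myspace.com/someprofile" "-"',
]

if __name__ == "__main__":
    for (kind, outcome), n in sorted(tally(SAMPLE).items()):
        print(f"{kind:8} {outcome:7} {n}")
```

A nonzero ('foreign', 'served') count points to a gap in the rewrite rule itself; ('blank', 'served') is the share that no referrer-based rule can catch without also blocking legitimate visitors.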

edelen

6:01 pm on Apr 20, 2007 (gmt 0)

10+ Year Member



Jim,

Thank you for your response. Though I have an extensive background in computers, my reasoning was a one is a one and a zero is a zero. You can't be both at the same time.

Obviously, enough holes exist for fuzziness. I guess I'll be happy with the reduction and stick with that.

Again, thanks.