Set a "security code" when the page (which includes the script) is requested.
This code is, in turn, used when the JS is requested (as a query string or so) and only works for a limited time (say 15 minutes).
Without a valid security code, disallow downloading of the JS.

This, of course, requires keeping track of the codes in a database.

if the object is just to block access to the folder where the js files are you can use htaccess. Only allow access from your own domain so your own pages can call the js files. Do a search for htaccess tutorials if your favorite search engine for how to use them. If your website has a control panel you can usually manage folder access that way.

Umm, that won't work. Certain browsers send bogus/incorrect/blank referrers.

you could be right, but htacess is pretty much a standard used on many many websites. I know the headers can be faked using a script, but I had not heard of some browsers sending bad headers, seems like a crummy broswer.

Lots of great browsers allow you to change the referrer (or send blank ones). Yet other times the referrer is a result of 3rd party software installed on your machine. There are some instances where software allows you to completely block the referrer.

Yes, .htaccess may be a commonly used standard. But this is not a common request. If you truly want to guarantee functionality while acheiving what nube101 is asking for, .htaccess cannot help you.

Yet another option is to do it directly on the server's firewall level. But you may not have access to control that. That would be the simplest method and would guarantee that the JS is only requested along with a page.

well, this is just to block direct access to js files, what those js files do or why the OP wants them blocked is a guess at this point. My hunch is that using htacess will be 99%+ effective.

... assuming the visitors don't have certain non-built-in popup blockers or Norton Internet Security installed (or certain ZoneAlarm configurations). And, if mod_rewrite is installed.

RewriteEngine on
RewriteCond %{HTTP_REFERER}!^https?://(www\.)?example\.com [NC]
RewriteRule \.js$ - [L,F]

cool, you even wrote it out for the OP, hopefully they come back and read this thread. :)

"... only requested along with a page" from my site
is correct.

Here am I. Thank you both.

DrDoc,

How am I to use those three lines within a .html file?

Is that a .pl file that I am to name and
upload to my cgi-bin (with chmod 755)?

What are the variable elements in the last two
lines which I am to change to suit?

that will be an htacess file, not perl or cgi. Where it goes is not so easy to say, if you put it in your root web folder then all folders below it will be subject to the conditions of the htacess file, or you can put it in specific subfolders and protect only those folders.

htacess is not something to mess around with though if you are not experienced, one mistake in the htacess file and your site will be inaccesible to everyone. And since some hosts hide the hatcess files from view you might not be able to delete it after you upload it if you can even upload it in the first place. Check with your host if they allow you to create your own htacess files for use on your site, many do but many do not. Then find some htacess tutorials on google or other search engine and read up and make sure you understand the syntax and logic before proceeding. And htacess is really spelled htaccess, note the two cc's.

This will get you started:

[google.com...]

I urge you to read up and get educated before proceeding. htaccess is a good thing though once you learn the various ways to use.

perl_diver,

Thank you very much
for the abundant info
and well-headed warnings.