Inline linking (also known as hotlinking, leeching, piggy-backing, direct linking, offsite image grabs) is the use of a linked object, often an image, on one site by a web page belonging to a second site. One site is said to have an inline link to the other site where the object is located.
The technology behind the World Wide Web, the (HTTP), does not make any distinction of types of links—all links are functionally equal. Resources may be located on any server at any location.
When a web site is visited, the browser first downloads the textual content in the form of an HTML document. The downloaded HTML document may call for other HTML files, images, scripts and/or stylesheet files to be processed. These files may contain <img>
tags which supply the URLs which allow images to display on the page. The HTML code generally does not specify a server, meaning that the web browser should use the same server as the parent code (<img src="picture.jpg" />
). It also permits absolute URLs that refer to images hosted on other servers (<img src="http://www.example.com/picture.jpg" />
).
When a browser downloads an HTML page containing such an image, the browser will contact the remote server to request the image content.
The ability to display content from one site within another is part of the original design of the Web's hypertext medium. Common uses include:
The blurring of boundaries between sites can lead to other problems when the site violates users' expectations. Other times, inline linking can be done for malicious purposes.
Most web browsers will blindly follow the URL for inline links, even though it is a frequent security complaint. Embedded images may be used as a web bug to track users or to relay information to a third party. Many ad filtering browser tools will restrict this behavior to varying degrees.
Some servers are programmed to use the HTTP referrer header to detect hotlinking and return a condemnatory message, commonly in the same format, in place of the expected image or media clip. Most servers can be configured to partially protect hosted media from inline linking, usually by not serving the media or by serving a different file.
URL rewriting is often used (e.g., mod_rewrite with Apache HTTP Server) to reject or redirect attempted hotlinks to images and media to an alternative resource. Most types of electronic media can be redirected this way, including video files, music files, and animations (such as Flash).