Protecting Demo Websites through Gateway URLs

  • Redirects: The web server performs a 301 redirect from a randomized gateway URL to an internal page with a normal URL.
  • HTTP Referrer: The web server serves a landing page for randomized URLs and inspects the Referer header (the HTTP header name keeps its historical misspelling) on all loaded resources, whitelisting the client's IP address the first time a recognized gateway URL appears there.
  • URL query parameters: Instead of generating a randomized path, serve the page on the same URL path, but put the randomization in a URL query parameter.
  • URL fragment identifier: the suffix of the URL following the “#” sign, which the browser never sends to the server, so script on the page has to read it and forward it.
  • Embedded authentication token: Embed an authentication token inside the body of an HTML page. When the page is loaded, arrange for it to send the token to the server by any means, such as in a Cookie.
<meta name="referrer" content="no-referrer-when-downgrade">
req.headers.referer

Boris Reitman