I have a site that has grown enormously over the past couple years. The site is hitting around 10M+ visitors a month, with over 100 million monthly requests. The primary focus of the site is streaming audio, and some video content.
Currently, I write a cookie when the player is launched; there is a 15 second countdown page while my current specials are displayed. When the audio player loads it checks to ensure the cookie exists, then loads the player and deletes the cookie. All of which was fine a year or so ago, but now, when the player loads, I guess anyone could view the page's source, which contains 2 frames, 1 for text content and one for the audio player, then simply embed that in their own site.
What would be the best way to protect the audio player page? The page that loads the player is static and always the same, so would it be best practice to check if the player's iframe was referred by that specific page / domain before loading? Can anyone see possible problems with this solution?
Sorry for the long request, just wanted to be detailed, so I could get a well informed answer.
Is the audio player frame a PHP page? You could add some code to check the referrer of the page. Just validate the $_SERVER['HTTP_REFERER'] variable against your domain.
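An added example (not code from the original posts) of the referrer check suggested above, comparing the parsed host exactly instead of searching the header for the domain, and also sending a frame-ancestors policy so browsers refuse foreign embedding on their own. The host names and launch path are placeholder assumptions, the player frame is assumed to be same-origin with the launch page, and because the Referer header is supplied by the client, the check only stops casual embedding by other sites.

```php
<?php
// Added example: the hosts and path below are placeholders (assumptions).
const ALLOWED_HOSTS = ['www.example.com', 'example.com'];
const LAUNCH_PATH   = '/player/launch.php';   // hypothetical countdown page

/**
 * True only when the Referer is an http(s) URL whose host exactly matches
 * an allowed host and whose path is the launch page.
 */
function referer_allowed(?string $referer): bool
{
    if ($referer === null || $referer === '') {
        return false;                       // header missing or stripped
    }
    $parts = parse_url($referer);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return false;                       // not an absolute URL
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Exact host comparison: a substring test such as strpos() would also
    // accept "www.example.com.other.test" or "other.test/?x=www.example.com".
    if (!in_array(strtolower($parts['host']), ALLOWED_HOSTS, true)) {
        return false;
    }
    // The full path is only sent when the frame is same-origin with the
    // launch page (default browser referrer policy), which is assumed here.
    return ($parts['path'] ?? '/') === LAUNCH_PATH;
}

if (PHP_SAPI === 'cli') {
    // Constructed sample Referer values for a quick check from the command line.
    $samples = [
        'https://www.example.com/player/launch.php',
        'https://www.example.com.other.test/player/launch.php',
        'https://other.test/?ref=www.example.com/player/launch.php',
        '',
    ];
    foreach ($samples as $s) {
        printf("%-60s %s\n", $s === '' ? '(no Referer)' : $s,
            referer_allowed($s) ? 'allow' : 'deny');
    }
} else {
    // Browser-enforced embedding restriction, independent of the Referer header.
    header("Content-Security-Policy: frame-ancestors 'self'");
    if (!referer_allowed($_SERVER['HTTP_REFERER'] ?? null)) {
        http_response_code(403);
        exit('Player must be opened from the launch page.');
    }
    // ... render the player frame here ...
}
```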