Script to Verify a Page’s Host Domain

This short script goes in your page’s header to verify that the domain matches the expected host. If it doesn’t match, you can redirect the user to another URL.

Computer Keyboard
Last Updated:
Filed Under: Web

This post may include affiliate links. Read more.

NB: Use this at your own risk. You can create a mess if you screw up, including making your website’s public pages inaccessible.

Here’s a quick little snippet that can be used in a page’s HTML header to check the domain that the page is currently published on and, if it doesn’t match, redirect the user to a different URL. It can be handy when your pages or site finds itself, shall we say, “misplaced” on another domain.

<script type="text/javascript">
if (window.location.hostname !== "YOURDOMAIN.com") {
window.location.replace("https://REDIRECTURL"); }
</script>

The logic is very simple: when the page is loaded in the browser, the script checks the page’s host domain. If that doesn’t equal the value you’ve set, then it redirects the user to a target URL.

Change the YOURDOMAIN.com part to the legitimate, original domain that the page should be on. Be precise, even with things like http and https, because the script is not going to forgive typos. And if you get it wrong, you can end up making your public pages inaccessible even to you.

Change the REDIRECTURL part to the target URL you want the user redirected to in case there’s a mismatch. You might want to send them to the legitimate URL, but you can technically put anything you like in there.

Put the script before the closing </head> tag. If you’re using a CMS like WordPress, there are plugins that can make it easy to insert script into the header of every page. Some themes also have that functionality.

If you open the page on your legitimate host domain, you shouldn’t see anything happen at all. The host domain should match the expected domain, in which case nothing happens. To test whether it’s working, you really need to upload the page to a different domain. Another option is to include a deliberate mistake in the YOURDOMAIN.com field, but that’s not ideal for a live site if you’re deploying site-wide.

This doesn’t prevent piracy or web scraping by any stretch of the imagination, and it’s very easy to overcome if the “borrower” knows what they’re doing, but if the web scraper is on autopilot–as many of them are–it might just buy you a little time and open up some other remedies as you work through the laborious process of getting your “borrowed” content taken down.

David Coleman / Photographer
by David Coleman

I'm a professional freelance travel photographer based in Washington DC. Seven continents, up mountains, underwater, and a bunch of places in between. My images have appeared in numerous publications, and you can check out some of my travel photography here. More »

2 thoughts on “Script to Verify a Page’s Host Domain”

  1. Thank you for this! We have four phishing sites that are cloning our website right now. I’ve reported them everywhere I can, but if it takes too long I’ll be using the script. I had to modify it a bit, though. Since we are on Shopify, having the script check for a matching domain doesn’t work as it breaks the theme editor on the back end. Instead, I have the script checking for the specific domains that are cloning us and redirecting. It doesn’t fully redirect, but it breaks their sites by putting them in an infinite loop. Good enough for me.

    Reply
    • Glad it worked. I ran into a similar situation a while back. It was hosted on one of those hosts that pride themselves on hosting sites that most hosts wouldn’t touch. I had no luck with the usual DMCA notices, etc, but I eventually did get results by going directly to their domain registrar, which had the effect of knocking them off their DNS host so they couldn’t get back in to reroute it.

      Reply

Leave a Comment