Build 10 classic Flash games and learn game development along the way with this ultra-fast paced game development course.

If you love this blog, this is the book for you.

Buy the book

Get the source code of 12 commercial Flash games, which have been loaded more than 50 million times!

Learn from real world successful examples.

Get it now

Box2D for Flash Games teaches you how to make Flash physics games from scratch with the most advanced features.

Create the new Flash game smashing hit.

Buy the book

How to sitelock a Flash movie

March 10, 2008 • Flash by Emanuele Feronato • 34 Comments

Sometimes you need to make your Flash movie (or game) to work only on selected domains. Sometimes you may want to blacklist some domains so they can’t display your Flash content.

This is called sitelocking, and means you lock a movie to a specific site.

Let’s see how can you sitelock a Flash file.

The first thing we need to know is where the movie is been played.

With the _url property we can determine the absolute path of a movie clip.

I will create a movie with a text field instanced as domain with this actionscript:

domain.text = _url;

This is the result:

Next we have to determine the domain name, so we need some string functions. First we need to strip all characters before :// (:// included).

Using the split method, I’ll split a the domain name into substrings by breaking it wherever :// is found, in this way:

domain_parts = _url.split("://");
domain.text = domain_parts[1];

Splitting the domain name by :// will create an array with its first element (at index 0) containing http (or https, or whatever I’ll find before the ://), and the second element with the remaining part of the domain. Look:

We are few steps away from having only the domain name.

In the same way as before, now I have to split the string when I find a /

Here it is:

Now, we are ready to sitelock the game. Just remember that some portals do not use their domain to host Flash games. For example, NewGrounds uses uploads.undergrounded.net while Kongregate uses chat.kongregate.com.

Anyway, the customer who will request to sitelock your Flash movie will tell you which domain you have to lock the game on.

Now, let’s think about what to do when the movie is played in a site you don’t want to be played. The easiest thing is making the root transparent so it will impossible for the surfer to use it.

This function will display the game only if played on my domain.

Now, the last interesting thing… how to sitelock to more than one site.

This one only allows movie to be played on this domain and on triqui.com

Hope you will find it useful

Rate this post: 1 Star2 Stars3 Stars4 Stars5 Stars (31 votes, average: 4.87 out of 5)
Loading ... Loading ...
Flash Templates provided by Template Monster are pre-made web design products developed using Flash technology.
They can be easily customized to meet the unique requirements of your project.
Be my fan on Facebook and follow me on Twitter! Exclusive content for my Facebook fans and Twitter followers

This post has 34 comments

  1. First comment

    on March 10, 2008 at 2:22 pm

    YAY! first comment. anyway, sounds nice. Good Job!

  2. Ernesto Quezada

    on March 10, 2008 at 4:20 pm

    thanks man, I was thinking about using something like this but in a different way, ie if my swf is not on kongregate, then show the mochiads leaderboard, otherwise use the kong API… :)
    this will help me to work out the script I need

    Salut!

  3. Jesse

    on March 10, 2008 at 5:53 pm

    Wonderful!
    I’ve been looking for a better way to do this!
    Works beautifully, thanks much!

  4. Rick

    on March 10, 2008 at 6:19 pm

    Thanks Emanuele!

  5. JDog

    on March 10, 2008 at 6:30 pm

    Thanks Emanuele, very helpful, I can finally sendmy game prototypes to http://www.flashgamelicense.com without fear !

    Now all I require is a reply to my email or else I can’t get my game going properly. I’ll definately buy you a beer or two once the sponsorship pays through !

  6. Emanuele Feronato

    on March 10, 2008 at 6:39 pm

    Sitelocking is useless if you don’t encrypt your game anyway

  7. souled

    on March 10, 2008 at 8:13 pm

    :o
    dude, on the second to last actionscript box you put:

    _root._alpha == 0;

    instead of:

    _root._alpha = 0;

    great tut though, shall use on new game coming out

  8. Emanuele Feronato

    on March 10, 2008 at 8:50 pm

    fixed. thank you.

  9. Luiz Fernando

    on March 10, 2008 at 9:13 pm

    Great! This goes to the SticKman’s magazine :D

  10. Grifo

    on March 11, 2008 at 4:26 am

    First time I get to understand the split command.
    Great tutorial as always.

  11. Matt

    on March 14, 2008 at 1:25 pm

    Bad news, the _url property holds the url where the swf is hosted, not where it is embedded. You’re going to need a more complex solution in order to prevent people from hotlinking off your site. Of course this can be done on your actual server, but some sites that you do want your game on might not have such a fix. I’m not sure how to sitelock your game from being embedded onto someone elses site buy hosted on yours entirely within the flash.

  12. Olivier

    on April 16, 2008 at 8:59 pm

    Thats pretty much the problem here, it makes it so people cant copy the actual swf, but they can still embed it, so its pretty useless :(
    nice tut tho, im sure lots of people found this helpfull in one way or another

  13. rizky

    on September 6, 2008 at 5:49 am

    nice tutorial thanks i will try it

  14. roboman

    on October 29, 2008 at 12:11 pm

    It’s strange…the sitelock makes the preloader don’t work.

  15. Инструкция по монетизации флэш игр | terbooter

    on October 29, 2008 at 7:19 pm

    [...] Покажите вашу игрушку на девелоперском форуме или воспользуйтесь сервисом First Impression от FlashGameLicense, чтобы получить отзывы о вашей игрушке. Не забудьте сделать sitelock, чтобы предотвратить распространение игрушки без вашего ведома. Если не знаете что такое sitelock игрушки, читайте здесь. [...]

  16. How to make Flash Games » Sitelocking

    on October 31, 2008 at 7:19 pm

    [...] great tutorial teaching HOW to sitelock can be found here: How to sitelock a Flash movie Share and [...]

  17. MochiLand » Blog Archive » Flash Game Monetization Case Study: Emanuele Feronato

    on November 13, 2008 at 1:30 am

    [...] 8) Submit your game to a developer forum or take a look at First Impression service by Flash Game License to get some quality reviews of your game. Remember to site-lock your game if you want to prevent it from being spread before you’re ready. If you don’t know how to site-lock a game, read How to sitelock a Flash movie. [...]

  18. yaboy

    on November 13, 2008 at 3:33 am

    Would something like this work better than _url…?

    var domain = this.root.loaderInfo.url.split(“/”)[2];

  19. Luke

    on January 5, 2009 at 12:38 pm

    flash.external.ExternalInterface.call( “function get_url() { return window.location.toString(); }” )

    what about this ?

  20. Luke

    on January 5, 2009 at 12:42 pm

    ACTUALLY try this
    browserurl = flash.external.ExternalInterface.call(“function(){return window.location.href}”).toString();

  21. Richard

    on February 7, 2009 at 2:05 am

    Hey there, if anyone needs an Actionscript 3 version of this tutorial, I’ve written one on my blog – http://notejot.com/2009/02/sitelocking-an-actionscript-3-flash-game/

  22. Excit: Post-Mortem | Game Reviews, Game Download, Computer Games

    on February 7, 2009 at 8:21 am

    [...] were were completely oblivious about how the flash game business works. We didn’t implement a sitelock, we didn’t implement Mochiads, we didn’t implement Mochibot, we didn’t even [...]

  23. Jan

    on February 27, 2009 at 10:24 am

    ————————————
    ———-Emanuele Feronato———
    ————————————
    You are Great!!!!!!!!!!!!!!!!!!!!!!
    many thanks to you and others like you.

    Netherlands

  24. dino

    on April 2, 2009 at 2:51 am

    How can you be sure www or even http is always included?

    I never type www when going to a website.

  25. dino

    on April 2, 2009 at 2:59 am

    Wouldn’t it be better to drop the split and just check if the beginning is equal to “http://www.mydoamin.com/”?

  26. Internet Hobo

    on May 13, 2009 at 2:31 am

    Somebody could get around this by adding a query string with ?_url=http://www.gooddomain.com or something though when they embed the file. Is there some way to determine where the swf is actually embeded?

  27. Flashtoo

    on July 31, 2009 at 7:32 pm

    NewGrounds uses uploads.ungrounded.net, not uploads.undergrounded.net .

  28. Dennis | headjump.de

    on August 5, 2009 at 10:32 pm

    Hi there,
    it’s really important to understand (what was already said) that the code in the post won’t prevent embedding the swf from an allowed host to ANY webpage. The “window.location” is the right idea there, BUT you have to use:

    window.top.location

    because window.top refers to the “most top” window, e.g. if your allowed domain is “allowed.com” and the evil domain “evil.com” just puts an iFrame on their site that contains the page from “allowed.com” with the game, window.location will say “allowed.com”, but window.top.location will reveal “evil.com”.

    - Dennis

  29. ken

    on June 9, 2010 at 2:40 am

    Step 1. Put a secret function within the flash that grabs their domain information and have it send to your database and a page that displays all thief sites.

    Step 2. Put copyright / owner information pertaining to your game or movie where it cannot be overlooked by viewers.

    Step 3. Put your flash on the web.

    Step 4. Use the web info to report their site for theft of copyrighted materials to their domain host.

    This may not work immediately if the host “doesn’t care”, but I’m sure with proper legalese and talk of “getting lawyers involved” they’ll pull the site and/or warn the client.

    I contacted my own host (godaddy) on this issue and they conferred that they would pull the thief site until they remove the copyrighted materials.

  30. Ab

    on October 25, 2010 at 6:51 pm

    @29 (Ken)
    You have a nice sample code for Step 1 ?

  31. Tom

    on June 14, 2011 at 9:35 pm

    Emanuelle, or someone else talk me through the best way to sitelock my game?
    I’d be glad to put a link to you for a month from whackyourboss.com. It gets
    around 5000 visits per day. I can send you traffic in thanks.
    Best Tom

  32. online games

    on October 8, 2011 at 4:05 pm

    Coca Cola is bad for your health, it actually is one of major contributors to adrenal exhaustion. Sugar in general is. So you might want to remove that evil donation Coca Cola advertisement and people actually might donate more to you.

  33. Massagames

    on October 27, 2011 at 7:41 am

    Returns true if the current swf is hosted on an host1, host2, host3 domain, false otherwise

    function testSiteLock():Boolean {
    var siteLock:RegExp = /^http:\/\/([-a-zA-Z0-9\.])+\.(host1|host2|host3|emanueleferonato|massagames)\.com(\/|$)/;
    return siteLock.test( loaderInfo.url );
    }

  34. free indian games

    on April 26, 2012 at 10:17 pm

    i will give it try

< >