Protect image download

Question

I know the best way to protect image download is not putting it on internet in the first place.

I assume there is no 100% protection against image download and that if a user can see an image on internet he can with a bit of experience find access to download it.

I am aware of transparent .gif or .png covering the images or using background_image CSS property to protect it and prevent right click download but are there

other ways to complicate image download and therefore prevent image download by most users?

Here is simple code to start with :

<img src="http://placekitten.com/600/450">

Answer 1

Another way to remove the "save image" context menu is to use some CSS. This also leaves the rest of the context-menu intact.

img {
    pointer-events: none;
}

It makes all img elements non-reactive to any mouse events such as dragging, hovering, clicking etc.

See spec for more info.

In reactjs project, avobe code put in global CSS (index.css)

Answer 2

No there actually is no way to prevent a user from doing a particular task. But you can always take measures! The image sharing websites have a huge team of developers working day and night to create such an algorithm where you prevent user from saving the image files.

First way

Try this:

$('img').mousedown(function (e) {
  if(e.button == 2) { // right click
    return false; // do nothing!
  }
});

So the user won't be able to click on the Save Image As... option from the menu and in turn he won't get a chance to save the image.

Second way

Other way is to use background-image. This way, the user won't be able to right click and Save the Image As... But he can still see the resources in the Inspector.

Third way

Even I am new to this one, few days ago I was surfing Flickr when I tried to right click, it did not let me do a thing. Which in turn was the first method that I provided you with. Then I tried to go and see the inspector, there I found nothing. Why? Since they were using background-image and at the same time they were using data:imagesource as its location.

Which was amazing for me too. You can precvent user from saving image files this way easily.

It is known as Data URI Scheme: http://en.wikipedia.org/wiki/Data_URI_scheme

Note

Please remember brother, when you're letting a user surf your website you're giving him READ permissions on the server side so he can read all the files without any problem. The same is the issue with image files. He can read the image files, and then he can easily save them. He downloads the images on the first place when he is surfing your website. So there is not an issue for him to save them on his disk.

Answer 3

If it is only image then JavaScript is not really necessary. Try using this in your html file :

<img src="sample-img-15.jpg" alt="#" height="24" width="100" onContextMenu="return false;" />

Answer 4

There is no way to protect image downloading. This is because the image has to be downloaded by the browser for it to be seen by the user. There are tricks (like the transparent background you specified) to restrict certain operations like image right click and saving to browser cache folder, but there isn't a way for truly protecting the images.

Answer 5

1. Disable the Right Click on all Images

let allImages = document.querySelectorAll("img");
allImages.forEach((value)=>{
    value.oncontextmenu = (e)=>{
        e.preventDefault();
    }
})

2. Disable the Pointer Event Using CSS

img{
    pointer-events: none;
}

3. Put a transparent overlay over all the Images

<div class="imageContainer">
    <div class="overlayDiv"></div>
    <img src="Image.jpg" alt="Image">
</div>

And some CSS like this

.imageContainer{
    position: relative;
}
img{
    position: absolute;
    width: 100%;
    height: auto;
    top: 0px;
    left: 0px;
}
.overlayDiv{
    position: absolute;
    width: 100%;
    height: auto;
    top: 0px;
    left: 0px;
    background-color: transparent;
    z-index: 2;
}

4. Put your Image as a Background Image

div{
    background-image: url(Image.jpg);
    background-size: cover;
}

These methods will only work on normal users because they most probably don't know about the inspector or how to check source code.
But a web developer can easily download these files, there is no such way you can disable the inspector completely.

---

---

At the end i would like to add few words.

Technically, Now think about this you are sending a Image from your server to another computer over HTTP, and you are at the same time trying to prevent it, it doesn't make any sense.....

you should always assume that anything that enters the machine of the user can be retrieved back now or later, no matter how hard you try, to hide it with encryption or maybe like youtube, sending the thing in chunks, and collecting them in browser.

getting the image ultimately is hard for a common user but not for people with a lot of technical background, maybe they are intercepting the entire network on Operating System Level, how you gonna stop them there.

Answer 6

As some people already said that it is not possible to prevent people to download your pictures, a trick could be something like this:

$(document).ready(function()
{
    $('img').bind('contextmenu', function(e){
        return false;
    }); 
});

This trick prevents from the right click on all img. Obviously people can open the source code and download the images using links in your source code.

Answer 7

There is no full-proof method to prevent your images being downloaded/stolen.

But, some solutions like: watermarking your images(from client side or server side), implement a background image, disable/prevent right clicks, slice images into small pieces and then present as a complete image to browser, you can also use flash to show images.

Personally, recommended methods are: Watermarking and flash. But it is a difficult and almost impossible mission to accomplish. As long as user is able to "see" that image, means they take "screenshot" to steal the image.

Answer 8

Here are a few ways to protect the images on your website.

1. Put a transparent layer or a low opaque mask over image

Usually source of the image is open to public on each webpage. So the real image is beneath this mask and become unreachable. Make sure that the mask image should be the same size as the original image.

<body> 
    <div style="background-image: url(real_background_image.jpg);"> 
        <img src="transparent_image.gif" style="height:300px;width:250px" /> 
    </div> 
</body>

2. Break the image into small units using script

Super simple image tiles script is used to do this operation. The script will break the real image into pieces and hide the real image as watermarked. This is a very useful and effective method for protecting images but it will increase the request to server to load each image tiles.

Answer 9

First realise that you will never be able to completely stop an image being downloaded because if the user is viewing the image they have already downloaded it (temporarily) on their browser.

Also bear in mind the majority of users will probably not be web developers but they may still examine the source code.

---

I really discourage disabling right click, this can be extremely frustrating for the end user and is not safe anyway since the image can still be dragged into a new window and downloaded.

I would suggest the method used by CampSafari i.e.

img {
    pointer-events: none;
}

but with an improvement:

So first lets remove the url of your image and add an id attributes to it. Like so:

<img id="cutekitten">

Next we need to add some JavaScript to actually show the image. Keep this well away from the <img> tag you are trying to protect:

document.getElementById("cutekitten").src = "http://placekitten.com/600/450";

Now we need to use the CSS:

#cutekitten {
    pointer-events: none;
}

The image cannot be dragged into a new window as well downloaded via right click.

JSFiddle

---

Yet another method you could use is the embed tag:

<embed src="http://placekitten.com/600/450"></embed>

This will prevent the right click.

Answer 10

I know this question is quite old, but I have not seen this solution here before:

If you rewrite the <body> tag to.

<body oncontextmenu="return false;">

you can prevent the right click without using "real" javascript.

However, you can't prevent keyboard shortcuts with HTML. For this, you must use Javascript.

Answer 11

It's pretty much all about how much work the "thief" is willing to put into stealing the image.

You can possible deter a lot of lazy ones by just disabling the right-click menu, creating overlays, using it as background-image, ... But anyone with limited IT skills can go into the Developer Tools, under "Network", and is able to see and copy any images that have been downloaded to the browser.

These solutions also come with some downsides. Using "background-image" will possibly prevent Google from indexing your image. No context menu can prevent the user from using other options in the context menu which can be quite annoying.

The best - and basically only - solution, is to cut the image up into small pieces server-side, and put them back together with some custom javascript. For extra protection you can store some kind of "map" along with the image, with directions on how the image should go back together. This way it's not clear to the thief how all the different downloaded tiles should fit together.

Of course anyone can always take a screenshot. But I assume you are more worried about people downloading a full size and high quality image, instead of just having a low-res screenshot version.

Answer 12

As other answers said, if you can see it you can copy/download it.

To add up to the other answers, just for your information, you can add invisible or tricky watermarks to your images: http://www.cgrats.com/create-an-invisible-watermark-in-photoshop.html (just an example, there are more techniques, just google for invisible watermarks)

Anyway if you want to prove the ownership of your image a good way is to have a bigger resolution copy for yourself, and always publish a lower resolution / size one. Or publish it also on a "public" media like ... deviantart or flickr or something where people can't change the upload date. This way you can prove you had that image before anybody else

Answer 13

Try this one-

<script>
    (function($){
      $(document).on('contextmenu', 'img', function() {
          return false;
      })
    })(jQuery);
  </script>

Answer 14

This is working form me: content: url('https://myimage.png'); in the style or css class. Than you cant right click and save the image.

img.my-image-class{
            content: url('https://myimage.png');
        }

You can also convert the image to base64 and put it like bellow. So if yo want to download the image you need to use developer tools, than find the class, than copy the base64 which can be long if the image is big and than you need to decode this base64 and you will have the image. So its still possible to download the image. Even if it was not possible users can make screenshots of the image on the webpage and cut it in paint or use cutting tools.

img.my-image-class{
                content: url(data:image/gif;base64,...img base64.....);
            }

Convert IMG to Base64: https://www.base64-image.de/

Decode Base64: https://codebeautify.org/base64-to-image-converter

Reference: How to reuse base64 image repeatedly in HTML file

Answer 15

As we know there is no proper method to avoid image theft. But we can reduce it for some extent. We can avoid those people who are not geek in computers to download the image as well as your code. Here are some JQuery tricks we should include in our site to reduce image theft

• Disable right click
• Disable Ctrl+ combination (ex Ctrl+s,Ctrl+u) [Better to disable Ctrl key ]

But user can also download the web page using developer tools in Firefox. We don't have solution for this because this will be on the client side and is provided by the user's browser.

You can find the code for all the above listed on stack overflow

Answer 16

this code will disable Right-Click on Win or Click and hold on mac to open "contextmenu"

$("img").on("contextmenu",function(e){return false;});

It's so simple and always works fine. and it's not depends on OS or Browser that you're using.

Answer 17

I'm suggesting some other approaches not listed above. These approaches are more difficult than CSS styles, but they help to protect images from downloading using browser image downloader extensions as well. These extensions list all images available on a webpage and allow user to download all of them at once.

1. Convert all <img> tags to <canvas> tags.

This action removes the "Save Image" menu item on both desktop and mobile devices even if browser doesn't handle the oncontextmenu event.

2. Disrupt toDataURL and toBlob functions to thwart image downloader extensions.

There are three functions that allow saving of a <canvas> element content: toBlob, toDataURL and getContext. This code will disable all these functions:

HTMLCanvasElement.prototype.toBlob = function () { }
HTMLCanvasElement.prototype.toDataURL = function () { }
HTMLCanvasElement.prototype.getContext = function () { }

Disable these functions only if your JS code does NOT depend on them and none of your JS dependencies use these functions. If your JS code depends on these functions, you may store original functions before modifying the HTMLCanvasElement.prototype. For example,

HTMLCanvasElement.prototype.realToBlob = HTMLCanvasElement.prototype.toBlob;
HTMLCanvasElement.prototype.toBlob = function () { };
// ... when you need toBlob, call the realToBlob functions
await myCanvas.realToBlob()

Complete solution

There is a script on GitHub doing that for you: https://github.com/SjomaNikitin/image-download-blocker You can use it by including to your HTML like that:

<script src="https://raw.githubusercontent.com/SjomaNikitin/image-download-blocker/main/image-download-blocker.js" async></script>

I recommend downloading the image-download-blocker.js and hosting it locally though.

The script will wait for all images to load and replaces them with canvas tags preserving all CSS styles applied to them.

You may need to modify the code if your website uses lazy-loading images, activated on window scroll or some other event.

Answer 18

Combined with the css pointer-events property and to disable the context menu on the element, we can also build the image onto an offscreen canvas pixel by pixel to avoid it showing up in dev tools. Tads Basic Game Objects has a single static method that does it, in combination with some static properties from one of its other classes the setup is straightforward;

(function () {

//this will get loaded normally and show up in dev tools, a little black square
let dummyImage = "data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABcAAAAUCAIAAADp3DFZAAAAAXNSR0IArs4c6QAAAARnQU1BAACxjwv8YQUAAAAJcEhZcwAADsMAAA7DAcdvqGQAAAAVSURBVDhPYxgFo2AUjIJRQEfAwAAABXgAAVjZ5DkAAAAASUVORK5CYII=";

//the cat image base64 split up without the  data:image/png;base64,  part
//it will not show up in dev tools
//it is only right here in this form and drawn to the canvas
//you could continue to hide and obfiscate the following in many ways
//generally just placing it throughout other pieces of your code
//or storing it on the server
tabageos.GameSkeleton._str[2] = "iVBORw0KGgoAAAANSUhEUgAAADkAAAA4CAYAAABHRFAgAAAIBklEQVRogb1azW4bNxD+GOghLPsBrEDuPduDYBmI8xw5xgWac1P3ljhv0GuA9toXiIJYgXtQ7nW82weQ1m8xPZDDHQ6H2pXsdIAg3hV/5hvOfDPk0uF/lllVEQAQAc71t79ZrQa02i6jhw4wRBgYAJzP59nvETAByCGRfr8r8AdbqSR9wKLiAsB60+JwPN6+wgQsvix3AvpdQM6qijJgajU2bds7zuF4HP5ia3TjLJbDgT46SBNgkPWmTVZJ4pYxanltB7hr+/F6ib+/9gN9VJCzZxWdnwWACQJgc9+t3G3TJMr2yXQyiUNJsMCwFX1U4iH5IOKNARIB3/5t9mFMIgJOnk6imzPY8/kcINDNlhV9VJDOeZeEA44OgsWpW9Q9AcY+zoGmkwmAlKTOz+aAA5XG/i4pxAFYtyL+7NSwswQQHqjzRmWXDzxgAn3y8KlTJb6FeAM693XOx+FjJHbA28uFCYbE9HdLIfpdCaBsO9QIs6ryq0nA0aEgokIOHXUdfy";
tabageos.GameSkeleton._str[3] =
"S2PREGUXNJhijL4H5+dQHngPquBgruVhifphNPROMDH5uZZYOMeMLXF6+SHxy2M9a+wuBeX1wAAO7u6kjEz0/LcaUlAXrf4mh8CIBwbowxAvzK1Xd1dF6ioITz1P2QVdUAGVxd1wCAT1+WAAql3wBhAxFRV/8qGc2qip6fzrPorJvauxI8dQMP2xHMqopev7qIxlxcL+Nv+wK8Wa0cCDR9OkF771OKxTIjMpB/+rLE+ekcTeOt/friJwQTDXIlLRFgU8e6Ew44CTlPVkZ7iUpR2u1HCQWH8mt6PMGC3eh0jrq+61zYE7f3Yzl2IScS+ZWqg8EWSz/u9HiSK7uHn9x8XTk40PTYk1AsEETeHAEi14j/2cofl0u8OJvDwcdRsFLXXBlJxnUytgYoEnnSfw9hEoqewWOF8bJiQM8jdwZE4BiVmx8kLi/AObWiQAeQDZQU3A+kN56DOBmG8eyKx7AogyPxQpZVcYLCOMyiESDrsG8cWuL8PpV1ZXkSlQmTHR10O/PbpuG8E2gHST0q3Y0NIGmc0P3N43xrGtw2DQiIbEikvGF/jB2cwAWzZxU9STCKmPqnbnzwOgHOicbKHeUkEMC5DwWg02NfjskaV7v2PnKzWrnbuulCSuCJ7hoVgl/BF2HzS6FhtLQGW1oBEiskQByNxzg/O/N15nJZ6LynOOMfgCc3q5WL8QK/T4ssRVu4QA4kDYAOGKBWKMY0gU8Q";
tabageos.GameSkeleton._str[4] = "Nm37qHFpxXm6n9RVvQDgBIA+13IhMK1jRt2X1O8PlTgedVhHQJdnzPJKJXnJpMnBkzqVio8GgLjRVeXkLidwvSJYPE8h2nWEK1KIwYQoKF3lOIGICT2W6QmPxLCW5McfKoFbYOTvsYszMCkDZO6r4pXbyr0tz215hLXq1pGLecZDarV+ffcuxBnw9s0bqddWZrq8etv1++VN1ylx7XSMWVXRyeTYOGCXDNelYgYaTwukcqRASlfJ8p94sW5bHHLBILTICYmSfpt73y/TV/Q5F3WxJA9ZWfEmwiHW14TwdywwlESQyTKjpDhMtx16oJQorAAmcyKtk3VTBkLCqQniGFSMBxgpJLqJUPyvP/6Mk3xeXqfgUy9KjBT7OeDz9XVUzDISFJgs/pEahj3vSADWONpwqB2H4hMCXXRvUyh7Fu5lksW2nCh+K+biQn9NkFyo8zFoTCGy8snIT9J7fGn4kSCrxLDGSmdFuZF/MxFGkNsqPfZ60ybnvPZWy4gVvTe8vHqXBoSQy6urRJnEtdk2Tqw4VIpRSse/DSPosnHdttnnCLsYkIW3MZE+Sbh8fxWBsTADZmOLjlmNq9wxsZ1kc3ThpPezlhdkr2RsFiXE3m/vPbCLly8BAL9/+BCfre+JQ+K0xAe9NbMRi0WQDDR8Esty2";
tabageos.GameSkeleton._str[7] = "tBviiUlis/IU0tMJ7DntAxigSx+8Ml2B8qtEuKwak5S7yUDq/a8r8yLEGR8EHVD6qbbxATJTJszavccD7PUJJoxs/euUx7wALNyrG9cOYVhBC3F75PW9iuLE6gKBlwCUmYY7VaL6yXgEI9DLOXN53zoXtn6EZaP4Z/P57nFBJkk1O9sky+WywTkydNu9cYHXdWS7SIsstJFw7Yiow8kwCfUjhJz9wyaCYXLDUaf8UHh3o5KU1aKKJGRloGf08lX+cLSusal8NIFeiSQPChI+h0ejJOdlm5TkqxY0GxfiNtBIDWbmWc3kM9+4SmQEytxOB7bqaRXgbwAifOK5819a3rYoDsDFlXHd4qISPwuAST7PFH5yMNpnXZ4zs19O+hUj1R/ll6Qfqc+yYDqBM3uKifhPtn3Dpf0yn8T5eO67e4ALcTRadKdutsm1jWawVdcDg/so0ogvW3F8Xlk7NC1LK6X/vxVeAQJcC4AIMHs603rx5bG6mHY3e7xqHKL3xUZkoXKpdl6kxuIV1ETlqmH6y5IlWT3y0pitsx9DOHvKUn6ZKsH9wKQntqrSonbsMgbH0DX/rZuYF3mGMau8iEw5tAbioD/OCrPZSQIET/JNLLd9HgSgWpg0a2Dbpb0FwOh6gGJOBtQL5ak1C87WjRc9ma1ckSgH0K1tBEAt934GnbtzAryHYTQXeJlht72RUtrKgFw3MpLwX1X2gbfrXMA1ve7f4GS9+02bYuWcx62X5nh1ctSAgHf6qbQq6z7IJlVFfGNjX2udHK+JfgPsNv6z6qK2E2tdjwWMOxi4mB25a2X+Hsnkf0Htt0qt00DEEw21fIfuD+Q9s5rmqsAAAAASUVORK5CYII=";

//loadSpriteSheetAndStart draws the above into GameSkelton.__sprites pixel by pixel
//after loading the dummy image

tabageos.loadSpriteSheetAndStart(dummyImage, 57,56, function(e) { 

  var displaycanvas = document.getElementById("displayed");
  displaycanvas.addEventListener("contextmenu", function(e) { e.preventDefault(); });
  
  var co = new tabageos.CanvasObject(displaycanvas ,57,56);
  
  co.copyPixels( tabageos.GameSkeleton.__sprites.canvas, 
    new tabageos.Rectangle(0,0,57,56), new tabageos.MoverPoint() );//source, from rect, to point
    
});

//the only easy ways to get the image are using external software to copy from the screen
//or piecing the base64 back together
//in the first case adding a blur event to the page that then hides the cat canvas
//should work.

 //in a game setting typically this would load the sprite sheet that 
 //is then blit from and therefore the image loaded is never seen as a whole
})();

<script src="https://cdn.jsdelivr.net/gh/tabageos/tabageos/tbgs_min.js"></script>

<canvas id="displayed" style="pointer-events:none;width:57px;height:57px"></canvas>

Answer 19

I used the below code in global CSS (index.css) in ReactJS. It's working correctly. You can also try. Thanks.

img{
pointer-events: none;
}