Ensuring only web browsers can access your website

InfinityFree is a website hosting service. That means that the hosting accounts we provide are intended for hosting websites. Websites contain pages that are accessed through web browsers. InfinityFree is not intended to be used for file sharing, API hosting, database hosting or background tasks/tools.

To help enforce this, free hosting enforces a security system that makes sure that anyone trying to access your website is using a normal web browser. This is done by checking whether the web browser can execute Javascript code and can accept cookies.

Every modern web browser supports Javascript and cookies and can be used to access your website without any problems. Unless the visitor has specifically disabled Javascript or cookies in their browser, they can access your website without any problems. Almost all websites require cookies and Javascript to work correctly, so very few people will experience problems with this.

This security system also helps to protect your website against (malicious) bots. However, some functions of some applications won’t work correctly because of this system.

Which features are not supported?

Because of this security system, the following things will not work correctly or at all on websites on free hosting.

  • Access through Android or iOS mobile apps (mobile browsers work fine).
  • API access to websites (like WordPress XML-RPC).
  • Access from cURL or other command-line clients.
  • Website code validators and SEO checkers.
  • Domain ownership verification checks which look at website URLs or HTML code. Some webmasters tools and ad networks do this.
  • Let’s Encrypt and websites providing certificates through Let’s Encrypt (like sslforfree.com or zerossl.com).
  • AJAX requests from other websites (CORS). AJAX requests are only possible on the same (sub)domain.
  • Hotlinking and embedding images and other (static) files on other websites.

Which errors can I expect?

When trying to access your website with an unsupported client, you may see one of the following errors:

  • 403 Forbidden
  • This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support
  • No ‘Access-Control-Allow-Origin’ header is present on the requested resource

Specifically, content like this is sent to the browser to validate whether it supports Javascript:

<html><body>
<script type="text/javascript" src="/aes.js" ></script>
<script>
function toNumbers(d){var e=[];d.replace(/(..)/g,function(d){e.push(parseInt(d,16))});return e}
function toHex(){for(var d=[],d=1==arguments.length&&arguments[0].constructor==Array?arguments[0]:arguments,e="",f=0;f<d.length;f++)e+=(16>d[f]?"0":"")+d[f].toString(16);return e.toLowerCase()}
var a=toNumbers("f655ba9d09a112d4968c63579db590b4"),
    b=toNumbers("98344c2eee86c3994890592585b49f80"),
    c=toNumbers("d3c143e907c1d71f78f0018d7dbf3ac7");
document.cookie="__test="+toHex(slowAES.decrypt(c,2,a,b))+"; expires=Thu, 31-Dec-37 23:55:55 GMT; path=/";
location.href="https://hans.epizy.com/?i=2";
</script>
<noscript>This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support</noscript>
</body></html>

How does this security system benefit me?

The main advantage of this security system is that it’s very effective at blocking bad bots from accessing your website. There are many malicious crawlers on the internet who are searching for security problems to hack your website, rapidly guess login details to try and access protected sections in your website or hammer unprotected forms to send spam. This security system stops almost all of them.

Those malicious bots could also use a lot of server power, which can cause your website to be suspended if you use too much of it. So this security system helps to make sure that regular, legitimate website visitors can access your site without any problems.

Can search engine crawlers still access my website?

Despite being automated scripts, search engine crawlers can still access your website. The crawlers of all popular search engines can execute Javascript code and accept cookies. So search engines will have no problems indexing your website and your site can be visible in search engine results.

Note that some “search engine validator” scripts do not support Javascript and cookies, and will report that your website is inaccessible. However, this is an error with the validator tool, and does not prevent search engine crawlers from working correctly.

If you suspect your site is not being indexed correctly by search engines, you may wish to sign up for the Webmasters service from search engines like Google and Bing. From there you will be able to see if the search engines have any problems accessing your site.

Can I disable this security system?

No, this security system is mandatory on all websites and cannot be disabled.

If this security system means your website or application does not work as expected on InfinityFree, please consider moving your website to premium hosting. On premium hosting, this security system is not present (your website will be protected in less obtrusive ways), so you can access your website through other clients which are not browsers (like mobile apps, automated verification tools, etc.).

3 Likes
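The server side of the JavaScript and cookie check shown in the article above, as an added example for Node.js; it is not InfinityFree's code. It assumes that mode 2 in slowAES.decrypt is CBC with a single unpadded block, and that the expected `__test` value is an HMAC of the client address; `SERVER_SECRET`, `expectedToken`, `issueChallenge`, `readTestCookie`, `cookieIsValid` and `gate` are hypothetical names. Because the key and IV travel in the same page as the ciphertext, the check establishes only that the client runs JavaScript and returns cookies.

```javascript
const crypto = require("crypto");

// Hypothetical server-side secret; a real deployment would load it from configuration.
const SERVER_SECRET = crypto.randomBytes(32);

// Expected cookie value: 16 bytes derived from the client address, so the
// server keeps no per-visitor state (assumed design, not taken from the article).
function expectedToken(clientIp) {
  return crypto.createHmac("sha256", SERVER_SECRET)
    .update(clientIp).digest().subarray(0, 16);
}

// Produce the hex strings embedded in the challenge page as a, b and c.
function issueChallenge(clientIp) {
  const key = crypto.randomBytes(16); // a: AES-128 key
  const iv = crypto.randomBytes(16);  // b: CBC initialisation vector
  const cipher = crypto.createCipheriv("aes-128-cbc", key, iv);
  cipher.setAutoPadding(false);       // the token is exactly one block
  const ct = Buffer.concat([cipher.update(expectedToken(clientIp)), cipher.final()]);
  return { a: key.toString("hex"), b: iv.toString("hex"), c: ct.toString("hex") };
}

// Pull a well-formed __test value out of a raw Cookie header, or return null.
function readTestCookie(cookieHeader) {
  const m = /(?:^|;\s*)__test=([0-9a-f]{32})(?:;|$)/.exec(cookieHeader || "");
  return m ? m[1] : null;
}

// Compare the presented cookie with the expected token in constant time.
function cookieIsValid(clientIp, cookieHeader) {
  const value = readTestCookie(cookieHeader);
  if (!value) return false;
  return crypto.timingSafeEqual(Buffer.from(value, "hex"), expectedToken(clientIp));
}

// Gate a request: serve the site when the cookie is valid, otherwise send
// the challenge parameters for the HTML page with the inline script.
function gate(clientIp, cookieHeader) {
  return cookieIsValid(clientIp, cookieHeader)
    ? { action: "serve" }
    : { action: "challenge", params: issueChallenge(clientIp) };
}
```
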

You have a spelling mistake.

8 Likes

Why?

Please read the article. It explains why:

12 Likes

Can the premium plan solve the problem of API access?

Yes

4 Likes

Good