No Photos?

First posted Nov 6, 2006
Last update Mar 15, 2015


If you are not seeing any pictures at all on my site, except maybe the webcams, the reason is simple, but the explanation is complicated.

Photo of Cowboy Frank
If you see this image,but not this image,
(they should look the same) 

then this page will explain your problem

Photo of Cowboy Frank


Your firewall is replacing the html header referring page field with an advertisement for itself.


html headers
When your web browser requests a file from my server, your browser includes a string of data called the html header. Among other items, this string includes your IP (Internet Protocol) address. Your IP address is required so my server knows where to send the file back to.

Another important component in the html header is the refering page field which contains the address of the page you were viewing which requested this file. If you clicked a link which sent you here, that page's address is included. For an image, the referring page would be the page the image is shown on.

This is what your computer is reporting as your referring page, which would be the page you just came from.


The referring page data is very useful in analyzing the traffic to my website. For example if you clicked a link which pointed to a missing page (Error 404, file not found) I can find the referring page with the defective link and fix it.

Firewall blocking
For some reason a few firewall companies seem to think this is an invasion of your privacy, despite the fact that it is impossible to find out who you are from this info, without a court order. Your IP address can only be connected to you personally by your Internet Provider, and they don't let that information out except to law enforcement people, and then only if you have done something really bad and a court has instructed them to release the information. Blocking the rest of the data doesn't protect your privacy either because, since the IP address must be included, you can still be identified, if neccessary.

Bandwidth or more accurately, data transfer
While you can visit my website for free, I pay a monthly fee for the hosting of my site. What I pay isn't excessive, but there are restrictions on my service. I am allowed only a certain amount of data transfer a month. Data transfer is the total of all the files viewed on my site, times the file sizes, times the number of times each file is viewed. If my site uses more data transfer than my allotment, I have to pay extra, or they turn my site off.

Bandwidth Theft
Also known as inline linking, hotlinking, leeching, or direct linking. Here's a Wikipedia article on bandwidth theft.
What most people don't realize is when you see an image on a webpage or blog, it is possible that image could be coming from a different computer than the one hosting the webpage you are viewing. This is using the other person's bandwidth, and is referred to as bandwidth theft. is the world's worst offender of this type of bandwidth theft. MySpace makes money by selling advertising on their pages, then they encourage their members to populate their bolgs by inserting pictures pulled from other servers. By using other people's bandwidth, MySpace doesn't have to pay for either the bandwidth or file storage space, which are the two most costly portions of a website.

While bandwidth theft is not illegal, it is generally considered unethical. Imagine hundreds of people using your cell phone without your permission. I recently helped a friend revamp his site. After analyzing his log files, we realized his bandwidth theft was 70 times the data transfer his actual site was consuming, and that was from only 2 pictures being embedded on numerous MySpace blogs. Luckily his site was very small and the total data transfer was still below his allotment. There are over 1.1 gigs of files on, and my in-house data transfer takes 85% of my monthly allotment. I can't afford any bandwidth theft.


At one time I had passwords on my picture files, but that required my visitors to enter a username and password before they could see my galleries. In addition, due to some technical issues, I was unable to protect pictures on the main index or thumbnail pages with that system. I had a lot of bandwidth theft from those areas I couldn't password protect, and I spent allot of time moving files around trying to stay ahead of the bandwidth thieves.

Around the middle of 2006, I discovered a way to use the referring page header information to control access. My server analyzes the referring page field, if the field indicates the page containing the image is located on, or the field data is missing, then the image is sent to the visitor. If the referring page field contains anything else, the image is refused. This puts an additional workload on my server, but has completely eliminated all my bandwidth theft.

If you have a blog on and you try to embed a photo from my server in your "space", the header lists the referring page as being on "" rather then "", so my server refuses to deliver the image.

Your problem

If you are unable to see my pictures, your firewall is not just blocking the referring page header field, it is actually relacing it, usually with an advertisement for itself. I frequently see lines in my logs such as "field blocked by *#%@ firewall". This doesn't match "" so my server refuses the request for the image. If your firewall was just blocking the field, leaving it blank, my server would have sent you the image and you wouldn't be reading this.

What can you do?

Tell your firewall not to block that portion of the html header, or better yet, get another firewall which isn't trying to promote itself to all the websites you visit. (I might call that reverse popup advertising) The firewall contained in Windows XP SP2 is decent and is part of your operating system. Most of the commercially available firewalls are also good. It is just a few that think they need to stick their name in web server logs which are only seen by an extremely small number of people.

I am told by a visitor that in Zone Alarm the option to show headers is right next to persistent cookies and web bugs.