Configure CORS for Amazon S3 Storage to prevent illegal download

If you host your chapter images on Amazon S3, then you may want to configure CORS policy for them, so that images cannot be downloaded outside your website domain.

To do that, go to your Buckets > Permissions tab

Then scroll down to Cross-origin resource sharing (CORS) section below, and edit the policy like this

Replace the “AllowOrigins” domain with your own domain. Here’s the text for you to copy

“AllowedHeaders”: [],
“AllowedMethods”: [
“AllowedOrigins”: [
“ExposeHeaders”: []

Save it. That’s all. Now your images can only be loaded from your website. If other websites hotlinking your images, they cannot be loaded. Crawlers which try to download images will not be able to download as well.