I have a client who has an RSS feed. You have to pay to use it on your site so we track who is accessing it, they get a grace period and then it gets turned off. They have a client whose CMS won't let them use custom scripts so we've got the RSS displaying via an iframe. We can use the referrer info to check that the user of the iframe is that site... but they seem to have a significant number of visitors who block referrer information. We may need to give these guys a "key" but with iframes that's not very secure, after all you only have to view the source. Any other ideas on how to protect this feed?
Sorry but I don't really understand your problem... How do you "protect" the other feeds? Can't you just create a script on your client's box (just like you do with the others) and stick it in the IFrame? But probably I didn't understand...
We note the IP address of websites using the RSS and the iframe and if they aren't "verified" we give them a promo feed, if they are they get the real deal. With the iframe we get passed the IP of the user, not the website using the iframe. The referrer is the site using the iframe. However we can see that there are many users not supplying a referrer...