I'm working on a site that offers a .PDF ebook for sale using PayPal as a CC processor. When the payment transaction is completed successfully at PayPal, the customer is forwarded to a special orphan page (index page in it's own dedicated directory) on the ebook site which contains a link to download the .PDF file. Hot linking to the .PDF file from 3rd party sites is restricted in .htaccess with the following: RewriteEngine on RewriteCond %{HTTP_REFERER} !^$ RewriteCond %{HTTP_REFERER} !^http://(www\.)?mysite.com/.*$ [NC] RewriteRule \.(pdf)$ - [F] Code (markup): What I would like to do now is restrict access (whether by .htaccess or PHP code) to the sale landing page so that traffic coming from anywhere other than the PayPal forwarding is denied. I found the following code: RewriteEngine On RewriteCond %{HTTP_REFERER} !^http://mysite.com/book/ RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/book/ RewriteCond %{HTTP_REFERER} !^http://mysite.com/ RewriteCond %{HTTP_REFERER} !^http://www.mysite.com/ RewriteCond %{HTTP_REFERER} !^http://paypal.com/ RewriteCond %{HTTP_REFERER} !^http://www.paypal.com/ RewriteRule /* http://www.mysite.com/restricted/index.html [R,L] Code (markup): Two questions: Are there any problems with this code in .htaccess for browsers (or privacy software) that block referrers? Can I (or do I need to) modify the paypal lines to https: if the forward is from a secure page?