I noticed in my Nginx logs that a number of sites were serving my jQuery Placeholder Plugin JavaScript files directly from my site, as opposed to hosting it themselves. Probably an accident, but still…

I emailed them, but as I didn’t hear back from any of them I decided to block the requests using the following configuration in Nginx:

location ~* \.(js|css)$ {
    if ($http_referer ~* (foo.co.uk|bar.co.uk) ) {
        return 403;

For any JavaScript or CSS files, if the referer contains the address of the sites that I know are serving my assets, I return a 403 Forbidden status and do not serve the file.

I also wrote a little Perl script which parses the Nginx log file and emails me a list of sites that may be serving my assets, so I can keep the list of blocked sites up to date. It’s a bit rough, but does the job!