' Name: Protect your Client Side Script 
' with ASP v1.1
' Description:This code will allow you t
' o use ASP to check that the request for 
' your JavaScript and VBScript is a "real"
' request or just someone trying to steal 
' your code. If the request.servervariable
' s("HTTP_REFERER") returns a page from yo
' ur site then your return the JavaScript 
' if request.servervariables("HTTP_REFERER
' ") doesn't return a page from your site 
' you return an appropriate response of yo
' ur own.
' Inputs:This is the basic idea laid out
' for you to examine. You will still have 
' to do a little work to integrate it in t
' o your site but it isn't much more than 
' copy and paste. 
The Input Request.ServerVariables("HTTP_REFERER") which Is automatically sent by the browser.
'
' Returns:Will return the JavaScript or 
' VBScript if appropriate, if not a messag
' e to the user.
'
' Side Effects:It doesn't seem to work o
' n Netscape without setting up IIS to par
' se .js files like it does .asp. The user
' can still open the file from the user's 
' cache unless you include:
<%
    Response.Expires = 60
    Response.ExpiresAbsolute = Now() - 1
    Response.AddHeader "pragma","no-cache"
    Response.AddHeader "cache-control","private"
    Response.CacheControl = "no-cache"
%>
At the top of the protected JavaScript file. This Is stop the browser from saving a Local copy of the file.
'

Use the line below In place of your normal JavaScript include line.
<SCRIPT src="testcjs.asp" language="JavaScript" Type="text/javascript"></SCRIPT>
Use the code below In place of your normal JavaScript .JS file. It must be saved As a .ASP file Or it will Not work. Actually, you can Set IIS server To read .js files just like it does .asp files. This Is a good idea To hide your protection scheme For any users who are trying bypass it. Then you could save it As a .js file.
If you Do this a lot more people will be stumped.
Of course you could just As easily protect your vbscript With the technique too.
<%
' This is to force file to open save as 
' dialog box and not open in user's browse
' r
' It would be even safer to have it as "
' badtype/badtype" instead of "text/javasc
' ript"
    Response.ContentType = "text/javascript"
' Set the line below to the page that wi
' ll be granted acess to the file
' You could change the test to allow all
' pages on your site access, etc.
    If (Request.ServerVariables("HTTP_REFERER") = "http://www.mysite.com/myfolder/mypage.asp") Then
%>
/* This Is where you put the real JavaScript that you want To run */
        document.write(" ACCESS GRANTED @ <%=time%> <BR/>");
        document.write(" request.servervariables("HTTP_REFERER") = "<%=Request.ServerVariables("HTTP_REFERER")%>"");
<%
    Else
%>
/* This Is where you put the message you want users To see In place of your real JavaScript */
/* I wouldn't use the bottom line since it will give away your protection scheme and help */
/* users find a way To break it */
        No soup For you.
        Request.ServerVariables("HTTP_REFERER") = "<%=request.servervariables("HTTP_REFERER")%>"
<%
    End If
%>