Landing Page Protection: Stop Competitors From Stealing

By Brent Dunn Aug 23, 2015 6 min read


2026 Update:

AI agents change the leverage in this game. Use them to speed up research, writing, QA, creative iteration, and reporting…

But the market still decides. Test, track, and let the numbers tell you what’s real.


You spend hours building a landing page that converts.

A week later, your competitor runs identical copy with your exact design.

Spy tools make ripping pages trivially easy. View source. Save page. Done. Your competitive advantage becomes shared infrastructure overnight.

A few lines of code won’t make your pages “rip proof” - that doesn’t exist. But you can make stealing your work annoying enough that lazy competitors move on to easier targets.


Now, no landing page can be fully “rip” proof, but you can make it a pain to try to steal your work.

Session Redirect

I have used this script quite a bit to help lock down my landing pages. When a visitor goes to your site, this script sets a session cookie and then does a quick redirect. The visitor cannot see the key, as the session is invisible to them. If they refresh the page, they cannot see the landing page and are redirected to the secondary page. This is because on refresh the key is no longer in the URL string and the session has been unset. This will also break spy tools such as Whatrunswhere.

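  <?php

  session_start();

  // A visitor arriving with the correct key gets a session flag, then is
  // redirected to the same URL with the key stripped from the query string.
  if (!empty($_GET['key']) && $_GET['key'] === "9288") {
      unset($_GET['key']);
      $qs = http_build_query($_GET);
      $self = "{$_SERVER['PHP_SELF']}?{$qs}";
      $_SESSION['key'] = 1;
      header("Location: $self");
      exit;
  } elseif (!isset($_SESSION['key'])) {
      // No key in the URL and no session flag: send them to the secondary page.
      header('Location: https://marketunlock.com');
      exit;
  }

  // The flag is single-use: clear the session so a refresh gets redirected.
  session_unset();
  session_destroy();
  session_write_close();
  include("lander.php");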

To make the script show the correct page, you have to append the URL parameter key to the end. For example, with https://marketunlock.com?key=9288 the key would be set and the correct landing page would load. The visitor, however, would only see https://marketunlock.com in their browser.
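The script above compares against one fixed key, so the same link keeps working for as long as the key is unchanged. The following added example (not part of the original post) swaps the fixed key for a signed token that expires; the function names, the secret placeholder and the 60-second lifetime are assumptions, and it assumes the link is generated per click by something that can run PHP.

```php
<?php
// Added example, not the original author's code. All names are hypothetical.
// Placeholder secret: load a long random value from config or the environment.
const CLICK_SECRET = 'replace-with-a-long-random-secret';
const TOKEN_TTL = 60; // seconds a generated link stays valid (assumed value)

// Build "expiry.signature" to put in the key parameter of the outgoing link.
function make_click_token(int $now, string $secret = CLICK_SECRET): string {
    $expires = (string) ($now + TOKEN_TTL);
    return $expires . '.' . hash_hmac('sha256', $expires, $secret);
}

// True only for an unexpired token whose signature matches.
function verify_click_token($token, int $now, string $secret = CLICK_SECRET): bool {
    if (!is_string($token) || substr_count($token, '.') !== 1) {
        return false; // rejects array input (?key[]=x) and malformed values
    }
    [$expires, $sig] = explode('.', $token);
    if (!ctype_digit($expires) || (int) $expires < $now) {
        return false; // not a timestamp, or past its expiry
    }
    // hash_equals() compares in constant time.
    return hash_equals(hash_hmac('sha256', $expires, $secret), $sig);
}

// In the session script, the key test would become:
//   if (verify_click_token($_GET['key'] ?? null, time())) { ... }

// Self-check with constructed values; runs only from the command line.
if (PHP_SAPI === 'cli') {
    $t0 = 1700000000; // constructed timestamp
    $token = make_click_token($t0);
    var_dump(verify_click_token($token, $t0 + 30));       // inside the window
    var_dump(verify_click_token($token, $t0 + 61));       // after expiry
    var_dump(verify_click_token($token . '0', $t0 + 30)); // altered signature
    var_dump(verify_click_token(['x'], $t0));             // array instead of string
}
```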

Device Check

This script can be duped pretty easily, but it will keep newbs away from your pages. It checks the user agent of the visitor and will only allow the correct devices to load the page. In the example below, all mobile devices are allowed to see the page; if a desktop visitor goes to the page, however, they’re redirected to marketunlock.com. The same thing can be done with redirect rules if you’re using a front-end tracker.

  <?php

  // Returns true when the request headers look like a mobile device.
  function mobile() {
      // Either header may be missing, so default to an empty string.
      $userAgent = strtolower($_SERVER['HTTP_USER_AGENT'] ?? '');
      $accept = strtolower($_SERVER['HTTP_ACCEPT'] ?? '');
      switch (true) {
          case (isset($_SERVER['HTTP_X_WAP_PROFILE']) || isset($_SERVER['HTTP_PROFILE'])):
              return true;
          case (strpos($userAgent, 'ipad') !== false):
              return true;
          case (strpos($userAgent, 'ipod') !== false):
              return true;
          case (strpos($userAgent, 'iphone') !== false):
              return true;
          case (strpos($userAgent, 'android') !== false || strpos($userAgent, 'adr') !== false):
              return true;
          case (strpos($userAgent, 'blackberry') !== false || strpos($userAgent, 'playbook') !== false):
              return true;
          case (stripos($userAgent, 'windows phone') !== false || stripos($userAgent, 'IEMobile') !== false || stripos($userAgent, 'MSIEMobile') !== false || stripos($userAgent, 'Windows Mobile') !== false || stripos($userAgent, 'windows ce') !== false || stripos($userAgent, 'palmsource') !== false || (stripos($userAgent, 'ppc') !== false && stripos($userAgent, 'mac') === false && stripos($userAgent, 'x11') === false)):
              return true;
          case (isset($_SERVER['HTTP_DEVICE_STOCK_UA']) || isset($_SERVER['HTTP_X_OPERAMINI_PHONE_UA'])):
              return true;
          case (strpos($userAgent, 'opera tablet') !== false || strpos($userAgent, 'opera mobi') !== false || stripos($userAgent, 'opera mini') !== false):
              return true;
          // Plain "opera" only counts as mobile when one of these extra markers is present.
          case (strpos($userAgent, 'opera') !== false && (stripos($userAgent, 'x11') !== false || stripos($userAgent, 'zbov') !== false || isset($_SERVER['HTTP_X_EBO_UA']))):
              return true;
          case (strpos($userAgent, 'cfnetwork') !== false):
              return true;
          case (strpos($accept, 'text/vnd.wap.wml') !== false || strpos($accept, 'application/vnd.wap.xhtml+xml') !== false):
              return true;
      }
      return false;
  }

  if (mobile()) {
  ?>
  <!-- Landing page HTML goes here -->
  <?php
  } else {
      // Not a mobile device: redirect before any output is sent.
      header('Location: https://marketunlock.com?');
      exit;
  }
  ?>

If you’re not using PHP and would like to do the redirects in your .htaccess simply add:

  <IfModule mod_rewrite.c>
  RewriteEngine On
  # Requests to the site root whose User-Agent matches this list (case-insensitive) get a 302 redirect.
  RewriteCond %{HTTP_USER_AGENT} "android|blackberry|googlebot-mobile|iemobile|ipad|iphone|ipod|opera mobile|palmos|webos" [NC]
  RewriteRule ^$ https://marketunlock.com/resources [L,R=302]
  </IfModule>

Language Detection

Most landing page thieves are smart enough to mask their user agent for devices. They almost never mask their browser language, however. Because of this, we can block anyone with a browser language that doesn’t match where we are running traffic. For example, if we were running a campaign in France, chances are their browser language would be fr, so anyone with a browser language that doesn’t match that is likely trying to steal your page or wouldn’t convert anyway. *Only use this if you really want to lock down your pages, as you will have some click loss.

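  <?php
  // First two characters of the Accept-Language header, lowercased;
  // an empty string when the header is missing.
  $lang = strtolower(substr($_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? '', 0, 2));
  switch ($lang) {
      case "fr":
          include("lander.php");
          break;

      default:
          include("lander_2.php");
          break;
  }
  ?>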

In the code above, anyone with the proper language header would be sent to lander.php, while anyone who didn’t would be sent to lander_2.php.
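Taking the first two characters misreads headers that list languages out of order or carry q-values, which adds to the click loss mentioned above. The following added example (not part of the original post) parses the whole Accept-Language header and returns the top-ranked primary language; the function names are hypothetical and the sample headers are constructed.

```php
<?php
// Added example, not the original author's code. Function names are hypothetical.

// Parse Accept-Language into [primary language => highest q], in header order.
function parse_accept_language(?string $header): array {
    $langs = [];
    foreach (explode(',', (string) $header) as $part) {
        $fields = array_map('trim', explode(';', $part));
        $tag = strtolower(array_shift($fields));
        // The header is client-controlled: accept only well-formed tags.
        if (!preg_match('/^[a-z]{2,3}(?:-[a-z0-9]+)*$/', $tag)) {
            continue; // skips empty entries, "*" and junk
        }
        $q = 1.0; // default weight when no q parameter is given
        foreach ($fields as $field) {
            if (preg_match('/^q=([01](?:\.\d{0,3})?)$/i', $field, $m)) {
                $q = (float) $m[1];
            }
        }
        $primary = explode('-', $tag)[0]; // "fr-CA" becomes "fr"
        if ($q > 0 && $q > ($langs[$primary] ?? 0)) {
            $langs[$primary] = $q;
        }
    }
    return $langs;
}

// Highest-weighted language; the first one listed wins a tie. Null if none.
function top_language(?string $header): ?string {
    $best = null;
    $bestQ = 0.0;
    foreach (parse_accept_language($header) as $lang => $q) {
        if ($q > $bestQ) {
            $best = $lang;
            $bestQ = $q;
        }
    }
    return $best;
}

// In the script above: switch (top_language($_SERVER['HTTP_ACCEPT_LANGUAGE'] ?? null))

// Constructed sample headers; runs only from the command line.
if (PHP_SAPI === 'cli') {
    var_dump(top_language('fr-FR,fr;q=0.9,en;q=0.8')); // French browser
    var_dump(top_language('en;q=0.5, fr-CA;q=0.9'));   // French ranked first, listed second
    var_dump(top_language('FR-fr'));                   // upper-case tag
    var_dump(top_language(null));                      // header missing
}
```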

Second Chance Back-Button

I’m sure many of you remember this script from my Landing Page Code post, but it is worth another mention. The script serves a dual purpose: it allows you to modify where the user goes if they click the back button, and it makes it hard to view source when they load your page on desktop. That is because whatever is in the initial.html file is what will show in the browser, which is not the same code as your landing page. So it helps quite a bit against those pesky thieves.

  <script type="text/javascript">
  // Push two history entries so the back button lands on pages you control.
  window.history.pushState('other.html', 'Other Page', 'other.html');
  window.history.pushState('initial.html', 'Initial Page', 'initial.html');
  </script>

  <script type="text/javascript">
  window.addEventListener("popstate", function(e) {
    // When a back-button press lands on other.html, load that URL for real.
    if (document.URL.indexOf("other.html") >= 0) {
      document.location.href = document.location;
    }
  });
  </script>

Two files need to be added into the same directory as your landing page:
initial.html
other.html

These files can be named whatever you want; just be sure to modify the code above.

In both initial.html and other.html you need the following code:

  <meta http-equiv="refresh" content="0;url=http://BACK-BUTTON-OFFER.com" />

Now whenever the visitor clicks the back button they will be redirected to your next offer.

Warning this causes a loop for the user and no matter how much they click the back button they will never be able to leave…

…goes without saying that many traffic sources don’t allow this.

I hope to hear some success stories with the use of these tricks.

Every time I find useful code I will add it to this post.

When All Else Fails..

Like I mentioned earlier in this post, it’s impossible to stop your pages from being ripped. All of these codes will dramatically cut back on how quickly your creatives are ripped, but once you accept the fact that it’s possible, we can start to battle those who have already stolen from us by “borrowing” some of their traffic.

Take a look at a tool I made: Warden

If you have found another cool way to help protect your pages, please let me know. I’ve tried several scripts and so far these are by far my favorites. I personally have people who steal landing pages and unfortunately have had the majority of my creatives ripped at one time or another.
