Why can only web browsers access my website?
TinkerHost is a website hosting service. This means that our servers are set up to only allow websites to be hosted with us. Unfortunately, free hosting is not designed to be able to handle select types of traffic, such as the traffic resulting from an API.
For this reason, free hosting can only serve your website to web browsers, otherwise known as client devices that support both JavaScript and cookies. This security system also allows your website to be protected from bot traffic, and some types of DDoS attacks.
This is beneficial to you as a website owner as it restricts the type of requests that come to your website, making your site less susceptible to attacks and unwanted requests. Additionally, this system prevents other websites from using your hosted images on their website (This is called hotlinking).
Why am I redirected to Google’s cookie page?
Our system will automatically redirect your visitors to Google’s Cookie support page when our system detects that the visitor’s browser has cookies disabled. In order to protect your website from malicious bots and other unwanted traffic, we require that all visitors have cookies enabled. Unless a user specifically turns off cookie support, all modern browsers support cookies by default.
While there is no official way to get around this system, if you have a custom domain name, it is possible. By signing up for a free Cloudflare account and following our Cloudflare setup guide, you will be able to bypass the cookie requirement. We allow this because Cloudflare gives your site the extra layer of security that our cookie system does, but without the restrictions.
So what types of requests are blocked, and what happens?
When our system detects a request that cannot pass the security test, one of the following responses may be presented to the user:
- 403 Forbidden Error
- “This site requires Javascript to work, please enable Javascript in your browser or use a browser with Javascript support” Message
- A No ‘Access-Control-Allow-Origin’ header is attached to the requested resource
For example, the following types of requests are blocked by the system, as they cannot pass the security check.
- Accessing files or the database from a custom mobile application
- API access to your website (A WordPress or custom API for example)
- Accessing your website from command-line based tools
- Testing your website with code or SSL validators
- Domain verification checks that test HTML files (Please use DNS verification instead)
- Access to images or other media resources from a different domain (Hotlinking)
What about search engines like Google or Bing?
Search engines have been whitelisted by our system, and can crawl and index your site like normal. While some “Website Checking Tools” provided by search engines may fail, the actual crawling by the search engine will not.
If you think your website is not being crawled correctly by a search engine, please reach out to the search engine via the Webmaster panel, or their support center.