SuperFree uses a security system on all free hosting accounts to ensure your website is accessed by real web browsers, not bots or automated scripts. While this protects your site from malicious traffic, it can affect certain types of access.
The system checks that visitors can execute JavaScript and accept cookies: features that all modern web browsers support. This verification happens automatically and most website visitors will never notice it.
You may occasionally see ?i=1 or similar parameters in your URL during this check. This is completely normal. Learn more about URL parameters.
Because the system requires JavaScript and cookies, these types of access won’t work:
Mobile and desktop apps
Android or iOS mobile apps cannot connect to your website
Desktop applications that try to fetch content from your site
Progressive web apps (PWAs)
Note: Mobile web browsers work perfectly fine
API and automated access
REST APIs, WordPress XML-RPC, and similar services
Command-line tools like cURL or wget
Automated scripts and bots
Webhooks from external services
Development and validation tools
Website validators and SEO checking tools
Domain verification systems used by some ad networks and webmaster tools
Cross-site requests
AJAX requests from other domains (CORS)
Embedding images or files from your site on other websites (hotlinking)
The security system only affects access to your website from external sources. These features work perfectly fine:
Outbound requests from your site
Your website’s code can make API calls to external services
Server-side scripts can fetch data from other websites
External database connections work normally
Same-domain JavaScript requests
AJAX calls within your own website work fine
Single Page Applications (SPAs) can call APIs on the same domain
JavaScript can fetch data from your own site’s endpoints
The key principle is that anything accessed through a real web browser, or outbound connections from your site, will work as expected.
When incompatible tools try to access your site, you might see:
403 Forbidden: The most common error for blocked requests
“This site requires Javascript to work”: Shows when JavaScript is disabled or unavailable
“No ‘Access-Control-Allow-Origin’ header”: Appears for blocked cross-domain requests
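As an added example (not SuperFree's own code), the Python sketch below sorts captured responses from a failing integration into the symptoms listed above, so you can tell whether the security system is the cause. The host name, sample responses and label names are constructed, and treating a numeric i parameter as the marker of the browser check is an assumption based on the ?i=1 mention on this page.

```python
from urllib.parse import urlsplit, parse_qs

# Notice text as quoted on this page; the label names below are made up for this example.
JS_NOTICE = "this site requires javascript to work"

def classify(url, status, headers, body, cross_origin=False):
    """Return which of the page's symptoms a captured response shows."""
    names = {k.lower() for k in headers}
    findings = []
    if status == 403:
        findings.append("403-forbidden")
    if JS_NOTICE in body.lower():
        findings.append("javascript-required")
    # Browsers report the CORS error when a cross-domain response lacks this header.
    if cross_origin and "access-control-allow-origin" not in names:
        findings.append("cors-header-missing")
    # Assumption: a numeric "i" query parameter (e.g. ?i=1) marks the browser check.
    if any(v.isdigit() for v in parse_qs(urlsplit(url).query).get("i", [])):
        findings.append("challenge-parameter")
    return findings

# Constructed samples: (client, url, status, headers, body, cross_origin)
SAMPLES = [
    ("webhook", "https://site.example.test/hook", 403,
     {"Content-Type": "text/html"}, "<h1>403 Forbidden</h1>", False),
    ("cli-tool", "https://site.example.test/", 200,
     {"Content-Type": "text/html"},
     "<noscript>This site requires Javascript to work</noscript>", False),
    ("other-site", "https://site.example.test/api/items", 200,
     {"Content-Type": "text/html"}, "<html></html>", True),
    ("browser", "https://site.example.test/?i=1", 200,
     {"Content-Type": "text/html"}, "<html>Welcome</html>", False),
    ("same-site", "https://site.example.test/api/items", 200,
     {"Content-Type": "application/json"}, "[]", False),
]

def triage(samples=SAMPLES):
    """Map each client name to its findings; an empty list means nothing matched."""
    return {name: classify(url, status, headers, body, cross)
            for name, url, status, headers, body, cross in samples}

if __name__ == "__main__":
    for client, findings in triage().items():
        print(f"{client:10} {', '.join(findings) or 'no symptom'}")
```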
Protection from malicious bots: The system blocks automated attacks, login attempts, and spam bots that could compromise your site or consume server resources.
Prevents resource overuse: Malicious bots can quickly consume your account’s resource limits, potentially causing your website to be suspended. This security system helps ensure your resources are available for legitimate visitors.
Search engine compatibility: All major search engines (Google, Bing, etc.) support JavaScript and cookies, so your site will be indexed normally. Some validator tools may report issues, but actual search engine crawlers work fine.
No, this security system is mandatory on all free hosting accounts and cannot be disabled.
If your website or application needs the blocked features, consider premium hosting. Premium hosting protects your site using less restrictive methods, allowing mobile apps, APIs, and automated tools to work normally.