JVZoo Knowledgebase

How can we help?

How can I protect my Thank You page from people who did not purchase?

Protecting your product is an important part of being a successful seller of digital products.  There are several precautions that you can take that can help ensure that you have as much protection as possible against unauthorized downloads.  Here are several steps that you can follow that will help minimize the chances of that happening.

Protecting your Thank You Page from unauthorized access

Direct downloads offered via JVZoo are protected from unauthorized access.  External Thank You pages are not under any such protection.  You will need to do certain things yourself in order to protect this all important page.  Here are some suggestions:

  1. In order to prevent search engine bots from indexing your page, or from following links to your Thank You page, you will want to insert this HTML code into the head section (the area between the <HEAD> and </HEAD> tags):

<META name="robots" content="noindex, nofollow"/>

  1. Give your Thank You page an obscure filename that is hard to guess (for example, name it something like “Bn7hFb1dr.html” rather than “thankyou.html”)
  2. If you are experienced with programming, you can also create a script that will prevent any access to your Thank You page unless they have gone through the payment process. These instructions will help you create a script using the JVZoo variables that are automatically passed:

Security Script for JVZoo Purchases

**This is an advanced topic.  This is only recommended for vendors with advanced programming knowledge or those that have the assistance of a programmer.

When a purchase has been completed, there are several values that are passed to your Thank You page, provided you have entered your “secret key” into your account.  The values that get passed are the receipt number (cbreceipt), the time of the purchase (time), the JVZoo item number (item) and the proof of purchase value (cbpop).

When a customer makes a purchase, JVZoo encrypts the receipt, time, and item.  This is accomplished by using the secret key that you specified in your account.  That information is then passed to you in the cbpop query screen.  You can confirm that the proof of purchase (cbpop) is correct by using the validation script.

The php script below is a good starting point for validating and extracting the cbpop values in order to ensure that there was a valid purchase made before the page can be accessed. *This code sample does not apply to the JVZIPN.




function jvzValid()












            return 1;


            return 0;





Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request