JVZoo Knowledgebase

How can we help?

Protecting Thank You pages from people who did not purchase

Protecting your product is an important part of being a successful seller of digital products. There are several precautions you can take to help ensure you have as much protection as possible against unauthorized download.

The following are a list of recommendations to help minimize the chances of this happening:

Direct downloads offered via JVZoo are protected from unauthorized access.  External Thank You pages are not under any such protection.  You will need to do certain things yourself to protect your thank you pages.  Here are some suggestions:

  1. To prevent search engine bots from indexing your page, or from following links to your Thank You page, you will want to insert this HTML code into the head section (the area between the <HEAD> and </HEAD> tags):  <META name="robots" content="noindex, nofollow"/>2.
  2. Give your Thank You page an obscure filename that is hard to guess (for example, name it something    like “Bn7hFb1dr.html” rather than “thankyou.html”)
  3. If you are experienced with programming, you can also create a script that will prevent any access to your Thank You page unless they have gone through the payment process. These instructions will help you create a script using the JVZoo variables that are automatically passed:

**This is an advanced topic.  This is only recommended for vendors with advanced programming knowledge or those that have the assistance of a programmer.

When a purchase has been completed, there are several values that are passed to your Thank You page, provided you have entered your “secret key” into your account.  The values that get passed are the receipt number (cbreceipt), the time of the purchase (time), the JVZoo item number (item) and the proof of purchase value (cbpop).

When a customer makes a purchase, JVZoo encrypts the receipt, time, and item.  This is accomplished by using the secret key that you specified in your account.  That information is then passed to you in the cbpop query screen.  You can confirm that the proof of purchase (cbpop) is correct by using the validation script.

The php script below is a good starting point for validating and extracting the cbpop values in order to ensure that there was a valid purchase made before the page can be accessed. *This code sample does not apply to the JVZIPN.




function jvzValid()












            return 1;


            return 0;





When you use the pass parameters feature, the JVZoo transaction ID, after the dash, is passed to in the URL as a variable cbreceipt. For example, if your thank you URL is 123.abc and the customers receipt ID is PT-12345678910 JVZoo would send them to URL: 123.abc?cbreceipt=12345678910

If you would like additional information, such as customer name, email address, etc. you will need to use our API which you can read about here:  https://api.jvzoo.com

Was this article helpful?
1 out of 1 found this helpful
Have more questions? Submit a request