Information Protection when inspecting code via browser

PHP nay difficult to copy anything from front-end, you have to understand a few things first:

• front-end

  The front-end is a relative term, but in practice it is usually used to refer to what will be processed in the browser

• back-end

  The back-end is also relative, but in practice it is usually used to refer to general server-side technologies such as database, HTTP-processing program (such as Apache and IIS) and dynamic language and frameworks

• HTTP request

  It is what the browser sends to a server, occurs at the moment you type a URL in the navigation bar, when it sends an upload

• HTTP response

  The HTTP response is generated after an HTTP request and it will respond as requested by this request

PHP is a language that can be used (and is usually used) for web pages, it runs on the side we call "back-end", the browser communicates with the server through the HTTP protocol by making a request, then PHP processes a script and generates a response, this all occurs on the server and not on the user’s machine, each line or entire content generated will be sent as an "HTTP response" to the browser you requested, for example:

In other words, PHP does not run next to HTML, it generates a response that can be an HTML "document", as it can be a TXT, an image, a video, it will depend on what you have defined that PHP should send in response.

There are many other languages that run on the server and can work with HTTP to generate responses to HTTP requests, in practice these languages like PHP, Python (usually using a framework), C# (usually using Asp.net and Asp.net-mvc), Ruby (Rubyonrails framework) and etc are used to make the development of pages more dynamic, for example when accessing a facebook profile in fact all profiles are the "same page", but the data of each profile are populated as the request and the back end generates a version based on the content desired.

In short

In short, there is no way to protect a generated or created HTML, because this is a download process, it has to avoid some attempts of copies, but those who really want to copy a page will be able to do this for more attempts you make to prevent copying, because an HTTP response is sent as a download and processed in the browser window, that is, it has already been downloaded to the machine.

What you have to worry about is protecting sensitive data such as passwords, customer data (assuming you have an important database) and preventing them from being displayed at undue times.

Techniques to try to protect

Still there are things you can do to try to protect, of course as said sensitive data should not be sent as responses, only if necessary, but if the data are not sensitive and still want to protect them.

• You can block the right mouse button with javascript:

  <script>
  if (document.addEventListener) {
      document.addEventListener("contextmenu", function(e) {
          e.preventDefault();
          return false;
      });
  } else { //Versões antigas do IE
      document.attachEvent("oncontextmenu", function(e) {
          e = e || window.event;
          e.returnValue = false;
          return false;
      });
  }
  </script>
  

• You can also block text selection with CSS:

  <style>
  /*desabilita a seleção no body*/
  body {
      -webkit-touch-callout: none; /* iOS Safari */
        -webkit-user-select: none; /* Chrome/Safari/Opera */
         -khtml-user-select: none; /* Konqueror */
           -moz-user-select: none; /* Firefox */
            -ms-user-select: none; /* Internet Explorer/Edge */
                user-select: none;
  }
  
  /*habilita a seleção nos campos editaveis*/
  input, textarea {
      -webkit-touch-callout: initial; /* iOS Safari */
        -webkit-user-select: text; /* Chrome/Safari/Opera */
         -khtml-user-select: text; /* Konqueror */
           -moz-user-select: text; /* Firefox */
            -ms-user-select: text; /* Internet Explorer/Edge */
                user-select: text;
  }
  
  /*habilita a seleção nos campos com o atributo contenteditable*/
  [contenteditable=true] {
      -webkit-touch-callout: initial; /* iOS Safari */
        -webkit-user-select: all; /* Chrome/Safari/Opera */
         -khtml-user-select: all; /* Konqueror */
           -moz-user-select: all; /* Firefox */
            -ms-user-select: all; /* Internet Explorer/Edge */
                user-select: all;
  }
  </style>
  

• Block Ctrl+U and Ctrl+S:

  Important note: cannot lock in some browsers and/or situations, this because there are sequences of keys that are reserved, this varies from browser to browser

  <script>
  if (document.addEventListener) {
      document.addEventListener("keydown", bloquearSource);
  } else { //Versões antigas do IE
      document.attachEvent("onkeydown", bloquearSource);
  }
  
  function bloquearSource(e) {
      e = e || window.event;
  
      var code = e.which || e.keyCode;
  
      if (
          e.ctrlKey &&
          (code == 83 || code == 85) //83 = S, 85 = U
      ) {
          if (e.preventDefault) {
              e.preventDefault();
          } else {
              e.returnValue = false;
          }
  
          return false;
      }
  }
  </script>
  

Other related posts

• Hide JS code
• How to compile a PHP file?
• Make it difficult to access CSS and JS files

Again I say, this does not guarantee anything, it only helps a little, but whoever is deciding to copy your page will do if they wish, however the work that is to make copies of pages people will probably prefer to take "frameworks" as twitter-bootstrap and download layouts or buy them ready.

About plagiarism

Still yes if you want to look for other means of protection maybe only the legal means, I do not think that here on the site you will find useful information for this yet take a look at the tag furlough, but still consult a lawyer, licensing on the content is something complex.