Hey all,
I’ve been thinking about secure ways to share a website preview with a client—especially when it’s something you reallydon’t want indexed, cached, or stumbled upon by accident.
Sure, you can:
- Block search engines with
robots.txt
and <meta name="robots" content="noindex, nofollow">
- Use obscure URLs
- Add password protection or HTTP auth
But honestly, unless you lock it all down tightly, once it’s on the internet, there’s always a risk. Search engines, bots, or a shared link can eventually surface it. Some crawlers ignore robots.txt
. Some platforms scan everything, even unlinked pages.
So here’s what I’ve been doing for truly private previews:
1. Export the site as static files with relative paths
This way you don’t depend on a server or platform. Just a self-contained folder of HTML/CSS/JS/images.
2. Zip it
Bundle it all into a .zip
file.
3. Share it securely
If the client is local, I’ll bring it to them on a USB stick or external drive.
If remote, I use something with end-to-end encryption or password protection—not Gmail, Google Drive, or OneDrive. They can scan or index contents, even if it’s just a link.
A few secure transfer options I’ve used:
- Sync.com (end-to-end encrypted cloud storage)
- WeTransfer Pro (with password protection)
- Encrypted email attachments (with offline password delivery)
- OnionShare (if you want to get serious)
4. Send the password separately
Text, phone, or in person. Never in the same message as the file or link.
It’s old-school but clean. No search engines, no access logs, no risk of random discovery. If they just need to view the site and don’t need it live, this does the job.
Curious what others are doing in similar situations. Have you found a cleaner or simpler method?