This is a simple solution for those wishing to simply remove the right-click "save" option from the html5 videos

$(document).ready(function(){

   $('#videoElementID').bind('contextmenu',function() { return false; });

});

Simple answer,

YOU CAN'T

If they are watching your video, they have it already

You can slow them down but can't stop them.

The best way that I usually use is very simple, I fully disable context menu in the whole page, pure html+javascript:

 <body oncontextmenu="return false;">

That's it! I do that because you can always see the source by right click.

Ok, you say: "I can use directly the browser view source" and it's true but we start from the fact that you CAN'T stop downloading html5 videos.

Yes, you can do this in three steps:

1. Place the files you want to protect in a subdirectory of the directory where your code is running.
   
   

   
   

   www.foo.com/player.html
   www.foo.com/videos/video.mp4
   
   

   
   

   
   


2. 
   

   Save a file in that subdirectory named ".htaccess" and add the lines below.

   
   
   

   
   

   www.foo.com/videos/.htaccess

   
   

   
   
   

   #Contents of .htaccess
   
   
   
   RewriteEngine on
   
   RewriteCond %{HTTP_REFERER} !^http://foo.com/.*$ [NC]
   
   RewriteCond %{HTTP_REFERER} !^http://www.foo.com/.*$ [NC]
   
   RewriteRule .(mp4|mp3|avi)$ - [F]
   
   

   
   

Now the source link is useless, but we still need to make sure any user attempting to download the file cannot be directly served the file.

3. 
   

   For a more complete solution, now serve the video with a flash player (or html canvas) and never link to the video directly. To just remove the right click menu, add to your HTML:

   
   
   

   <body oncontextmenu="return false;">
   
   

   
   

The Result:

www.foo.com/player.html will correctly play video, but if you visit www.foo.com/videos/video.mp4:

Error Code 403: FORBIDDEN

This will work for direct download, cURL, hotlinking, you name it.

This is a complete answer to the two questions asked and not an answer to the question: "can I stop a user from downloading a video they have already downloaded."

As a client-side developer I recommend to use blob URL,
blob URL is a client-side URL which refers to a binary object

<video id="id" width="320" height="240"  type='video/mp4' controls  > </video>

in HTML leave your video src blank,
and in JS fetch the video file using AJAX, make sure the response type is blob

window.onload = function() {

    var xhr = new XMLHttpRequest();

    xhr.open('GET', 'mov_bbb.mp4', true);

    xhr.responseType = 'blob'; //important

    xhr.onload = function(e) {

        if (this.status == 200) {

            console.log("loaded");

            var blob = this.response;

            var video = document.getElementById('id');

            video.oncanplaythrough = function() {

                console.log("Can play through video without stopping");

                URL.revokeObjectURL(this.src);

            };

            video.src = URL.createObjectURL(blob);

            video.load();

        }

    };

    xhr.send();

}

Note: This method is not recommended for large file

EDIT

• Use cross-origin blocking for avoiding direct downloading




• if the video is delivered by an API Use different method (PUT/POST) instead of 'GET'

PHP sends the html5 video tag together with a session where the key is a random string and the value is the filename.

ini_set('session.use_cookies',1);

session_start();

$ogv=uniqid(); 

$_SESSION[$ogv]='myVideo.ogv';

$webm=uniqid(); 

$_SESSION[$webm]='myVideo.webm';

echo '<video autoplay="autoplay">'

    .'<source src="video.php?video='.$ogv.' type="video/ogg">'

    .'<source src="video.php?video='.$webm.' type="video/webm">'

    .'</video>'; 

Now PHP is asked to send the video. PHP recovers the filename; deletes the session and sends the video instantly. Additionally all the 'no cache' and mime-type headers must be present.

ini_set('session.use_cookies',1);

session_start();

$file='myhiddenvideos/'.$_SESSION[$_GET['video']];

$_SESSION=array();

$params = session_get_cookie_params();

setcookie(session_name(),'', time()-42000,$params["path"],$params["domain"],

                                         $params["secure"], $params["httponly"]);

if(!file_exists($file) or $file==='' or !is_readable($file)){

  header('HTTP/1.1 404 File not found',true);

  exit;

  }

readfile($file);

exit:

Now if the user copy the url in a new tab or use the context menu he will have no luck.

You can at least stop the the non-tech savvy people from using the right-click context menu to download your video. You can disable the context menu for any element using the oncontextmenu attribute.

oncontextmenu="return false;"

This works for the body element (whole page) or just a single video using it inside the video tag.

<video oncontextmenu="return false;" controls>...</video>

+1 simple and cross-browser way:
You can also put transparent picture over the video with css z-index and opacity.
So users will see "save picture as" instead of "save video" in context menu.

We ended up using AWS CloudFront with expiring URLs. The video will load, but by the time the user right clicks and chooses Save As the video url they initially received has expired. Do a search for CloudFront Origin Access Identity.

Producing the video url requires a key pair which can be created in the AWS CLI. FYI this is not my code but it works great!

$resource = 'http://cdn.yourwebsite.com/videos/yourvideourl.mp4';

$timeout = 4;



//This comes from key pair you generated for cloudfront

$keyPairId = "AKAJSDHFKASWERASDF";



$expires = time() + $timeout; //Time out in seconds

$json = '{"Statement":[{"Resource":"'.$resource.'","Condition" {"DateLessThan":{"AWS:EpochTime":'.$expires.'}}}]}';     



//Read Cloudfront Private Key Pair

$fp=fopen("/absolute/path/to/your/cloudfront_privatekey.pem","r"); 

$priv_key=fread($fp,8192); 

fclose($fp); 



//Create the private key

$key = openssl_get_privatekey($priv_key);

if(!$key)

{

    echo "<p>Failed to load private key!</p>";

    return;

}



//Sign the policy with the private key

if(!openssl_sign($json, $signed_policy, $key, OPENSSL_ALGO_SHA1))

{

    echo '<p>Failed to sign policy: '.openssl_error_string().'</p>';

    return;

}



//Create url safe signed policy

$base64_signed_policy = base64_encode($signed_policy);

$signature = str_replace(array('+','=','/'), array('-','_','~'), $base64_signed_policy);



//Construct the URL

$url = $resource.'?Expires='.$expires.'&Signature='.$signature.'&Key-Pair-Id='.$keyPairId;



return '<div class="videowrapper" ><video autoplay controls style="width:100%!important;height:auto!important;"><source src="'.$url.'" type="video/mp4">Your browser does not support the video tag.</video></div>';

Using a service such as Vimeo: Sign in Vimeo > Goto Video > Settings > Privacy > Mark as Secured, and also select embed domains. Once the embed domains are set, it will not allow anyone to embed the video or display it from the browser unless connecting from the domains specified. So, if you have a page that is secured on your server which loads the Vimeo player in iframe, this makes it pretty difficult to get around.

First of all realise it is impossible to completely prevent a video being downloaded, all you can do is make it more difficult. I.e. you hide the source of the video.

A web browser temporarily downloads the video in a buffer, so if could prevent download you would also be preventing the video being viewed as well.

You should also know that <1% of the total population of the world will be able to understand the source code making it rather safe anyway. That does not mean you should not hide it in the source as well - you should.

You should not disable right click, and even less you should display a message saying "You cannot save this video for copyright reasons. Sorry about that.". As suggested in this answer.

This can be very annoying and confusing for the user. Apart from that; if they disable JavaScript on their browser they will be able to right click and save anyway.

Here is a CSS trick you could use:

video {

    pointer-events: none;

}

CSS cannot be turned off in browser, protecting your video without actually disabling right click. However one problem is that controls cannot be enabled either, in other words they must be set to false. If you are going to inplament your own Play/Pause function or use an API that has buttons separate to the video tag then this is a feasible option.

controls also has a download button so using it is not such a good idea either.

Here is a JSFiddle example.

If you are going to disable right click using JavaScript then also store the source of the video in JavaScript as well. That way if the user disables JavaScript (allowing right click) the video will not load (it also hides the video source a little better).

From TxRegex answer:

<video oncontextmenu="return false;" controls>

    <source type="video/mp4" id="video">

</video>

Now add the video via JavaScript:

document.getElementById("video").src = "https://www.w3schools.com/html/mov_bbb.mp4";

Functional JSFiddle

Another way to prevent right click involves using the embed tag. This is does not however provide the controls to run the video so they would need to be inplamented in JavaScript:

<embed src="https://www.w3schools.com/html/mov_bbb.mp4"></embed>

The

<body oncontextmenu="return false;"> 

no longer works. Chrome and Opera as of June 2018 has a submenu on the timeline to allow straight download, so user doesn't need to right click to download that video. Interestingly Firefox and Edge don't have this ...

Short Answer: Encrypt the link like youtube does, don't know how than ask youtube/google of how they do it. (Just in case you want to get straight into the point.)

I would like to point out to anyone that this is possible because youtube does it and if they can so can any other website and it isn't from the browser either because I tested it on a couple browsers such as microsoft edge and internet explorer and so there is a way to disable it and seen that people still say it...I tries looking for an answer because if youtube can than there has to be a way and the only way to see how they do it is if someone looked into the scripts of youtube which I am doing now. I also checked to see if it was a custom context menu as well and it isn't because the context menu is over flowing the inspect element and I mean like it is over it and I looked and it never creates a new class and also it is impossible to actually access inspect element with javascript so it can't be. You can tell when it double right-click a youtube video that it pops up the context menu for chrome. Besides...youtube wouldn't add that function in. I am doing research and looking through the source of youtube so I will be back if I find the answer...if anyone says you can't than, well they didn't do research like I have. The only way to download youtube videos is through a video download.

Okay...I did research and my research stays that you can disable it except there is no javascript to it...you have to be able to encrypt the links to the video for you to be able to disable it because I think any browser won't show it if it can't find it and when I opened a youtube video link it showed as this "blob:https://www.youtube.com/e5c4808e-297e-451f-80da-3e838caa1275" without quotes so it is encrypting it so it cannot be saved...you need to know php for that but like the answer you picked out of making it harder, youtube makes it the hardest of heavy encrypting it, you need to be an advance php programmer but if you don't know that than take the person you picked as best answer of making it hard to download it...but if you know php than heavy encrypt the video link so it only is able to be read on yours...I don't know how to explain how they do it but they did and there is a way. The way youtube Encrypts there videos is quite smart so if you want to know how to than just ask youtube/google of how they do it...hope this helps for you although you already picked a best answer. So encrypting the link is best in short terms.

It seems like streaming the video through websocket is a viable option, as in stream the frames and draw them on a canvas sort of thing.

Video streaming over websockets using JavaScript

I think that would provide another level of protection making it more difficult for the client to acquire the video and of course solve your problem with "Save video as..." right-click context menu option ( overkill ?! ).

Here's what I did:

function noRightClick() {

      alert("You cannot save this video for copyright reasons. Sorry about that.");

}

    <body oncontextmenu="noRightClick();">

    <video>

    <source src="http://calumchilds.com/videos/big_buck_bunny.mp4" type="video/mp4">

    </video>

    </body>

We could make that not so easy by hiding context menu, like this:

<video oncontextmenu="return false;"  controls>

  <source src="https://yoursite.com/yourvideo.mp4" >

</video>

@Clayton-Graul had what I was looking for, except I needed the CoffeeScript version for a site using AngularJS. Just in case you need that too, here's what you put in the AngularJS controller in question:

    # This is how to we do JQuery ready() dom stuff

    $ ->

        # let's hide those annoying download video options.

        # of course anyone who knows how can still download

        # the video, but hey... more power to 'em.

        $('#my-video').bind 'contextmenu', -> 

            false

"strange things are afoot at the circle k" (it's true)