It's inevitable: people are going to hotlink your website content.
I once believed an image response could shame or punish hotlinkers. It won't: others will hotlink your hotlink image for themselves. Your own effort redirected against you, like jujitsu.
Therefore, the most effective response is to serve nothing: instruct our webserver to deny image requests that don't come from us. In the widely used Apache webserver this is done with a RewriteRule, and it looks like this:
Contents of .htaccess file in your site's directory:
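```apache
RewriteEngine On
# Only consider requests for image files
RewriteCond %{REQUEST_FILENAME} \.(jpe?g|gif|png)$ [NC]
# ...that carry a Referer (an empty Referer is allowed through)
RewriteCond %{HTTP_REFERER} !^$
# ...and whose Referer is not example.com or one of its subdomains
RewriteCond %{HTTP_REFERER} !^https?://([^./]+\.)*example\.com/ [NC]
# Answer those with 403 Forbidden and stop processing rules
RewriteRule (.*) - [F,L]
```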
The lines translate to:
Notes:
There exist many better explanations of this technique.
By far the worst offenders are high-traffic msgboards that allow images. Users of these boards often do not even have their own site to host from, so hotlinking is the most straightforward way of expressing themselves. A solution would be for msgboard sites to copy images hosted elsewhere and host them themselves, but that would cost them bandwidth. Another would be to require image URLs to be on a whitelist of domains that allow hotlinking, such as dedicated image hosting sites.
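To see which sites are hotlinking and whether the rule is actually denying them, the same three conditions can be run over the access log. This is an added example, not part of the original post; it assumes Apache's "combined" log format and uses example.com as the placeholder for your own domain, and the sample log lines are constructed.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# The three RewriteCond tests, with example.com standing in for your domain.
IMAGE = re.compile(r"\.(jpe?g|gif|png)$", re.I)
OWN_SITE = re.compile(r"^https?://([^./]+\.)*example\.com/", re.I)

# Apache "combined" log format (assumed): request line, status, size, referer.
LOG_LINE = re.compile(
    r'"(?:GET|HEAD) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ "(?P<referer>[^"]*)"'
)

def is_hotlink(path, referer):
    """True when the rule set would answer this request with 403."""
    if not IMAGE.search(urlsplit(path).path):  # query string is not part of the filename
        return False
    if referer in ("", "-"):  # an empty Referer is deliberately let through
        return False
    return not OWN_SITE.match(referer)

def referer_host(referer):
    """Hostname of the referring page, or the raw value if it does not parse."""
    try:
        return urlsplit(referer).hostname or referer
    except ValueError:
        return referer

def hotlink_report(lines):
    """Count hotlinked image requests per (referring host, response status)."""
    report = Counter()
    for line in lines:
        m = LOG_LINE.search(line)
        if m and is_hotlink(m["path"], m["referer"]):
            report[(referer_host(m["referer"]), m["status"])] += 1
    return report

# Constructed sample lines (documentation IPs, reserved .test domains).
TS = "[10/Oct/2023:13:55:36 +0000]"
SAMPLE = [
    f'203.0.113.7 - - {TS} "GET /img/cat.jpg HTTP/1.1" 403 199 "http://forum.test/thread/42" "UA"',
    f'203.0.113.8 - - {TS} "GET /img/cat.jpg HTTP/1.1" 403 199 "http://forum.test/thread/42" "UA"',
    f'198.51.100.4 - - {TS} "GET /img/dog.PNG?v=2 HTTP/1.1" 200 48211 "https://example.com.mirror.test/p" "UA"',
    f'198.51.100.5 - - {TS} "GET /img/cat.jpg HTTP/1.1" 200 48211 "https://www.example.com/gallery" "UA"',
    f'198.51.100.6 - - {TS} "GET /img/cat.jpg HTTP/1.1" 200 48211 "-" "UA"',
    f'198.51.100.7 - - {TS} "GET /about.html HTTP/1.1" 200 1000 "http://forum.test/thread/42" "UA"',
]

if __name__ == "__main__":
    for (host, status), n in hotlink_report(SAMPLE).most_common():
        print(f"{n:4d}  {status}  {host}")
```

A hotlinked request logged with a status other than 403 means the rule is not in effect for that path, for example because the .htaccess file does not cover that directory.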
I've considered attempting to punish hotlinkers by redirecting requests back at them. We could target the offending page, or possibly some other target such as /, /favicon.ico, /style.css. The goal being to exact a hotlink-allowance tax in the form of bandwidth. We could even target an intentionally non-existing file on the host such as /some-really-long-rude-string-that-tells-them-not-to-allow-hotlinks-and-uses-up-as-much-disk-space-as-possible.jpg in order to accumulate offending entries in their webserver's error log. This concept seems a bit juvenile, but then so is the web.