See all Insights

A Quick Guide to Restricted Content

Open, indexable, easily available and better yet, suggested, content is central to any content strategy intending to bring interested users (and Google bots) repeatedly back to a site. However, some content may be particularly valuable for its ability to generate qualified leads, or some may be sensitive or customized and require administrative approval for access. There are two general ways that we restrict such content by placing it behind a form of some kind: 

1) Remember me functionality is how we typically restrict access to downloadable assets like whitepaper pdfs. When accessing a link to a download, the user is faced with a form (hopefully as short as possible, with as few required fields as possible) asking for an email address at least, but usually a name, and maybe company name, title, and phone number.

When a complete form is submitted it sets a cookie in a visitor’s browser, which can allow that user to instantly access any similarly restricted resources on the site without being faced with a form again. The session cookie can be set to expire after a certain period of time, or not, and can be deleted by the user from their browser. Notification emails are sent to designated addresses, easily editable in the CMS.

Our forms will validate email addresses for the correct format (, and if we need to make sure that the address is valid, a link to the download can be emailed to that address rather than be made accessible on the site.

2) Extranet. The simple definition of an extranet is a restricted section of a website, accessible by user accounts. Where we typically use the remember me form functionality for lead generation and restricting access to downloads, an extranet involves a section of a site, whether it is one page or a whole section of the site’s navigation.  

These accounts can be set up and administered in different ways: by users with instant access, or by a central administrator who would answer requests for accounts and activate accounts, or they can be completely administered by site administrators, based on offsite interactions. It is possible for the account to be managed by users on site–passwords can be changed via email, password reminders sent, etc.

The content of an extranet can be content on web pages, including links to a wide variety of downloadable content assets, and one of the central questions defining extranet scope is whether the users will share the same content or have unique content per user or user group.

Extranet functionality depends on the “Users” section of our site’s CMS. CMS users are the Site Administrator group (we at Newfangled for the most part use the System Administrator group – we have access to a few more specialized tabs), extranet user groups are managed as part of the same mechanism, which is why when testing extranet functionality it is sometimes necessary to use a completely cleared browser and not be logged into the CMS.


In a recent project I found it really helpful to diagram our plans for a new site’s possible download scenarios. All these options are indeed represented and notated in the prototype, but it helped to create this one page to focus exclusively and visually on the issue of restricted content.

Related Posts