Build Protection and Domain Locking
To help protect the integrity of developers’ work, spawnd strongly recommends implementing domain-level protection and code-level obfuscation — even when dealing with game demos. While demos may not carry the same commercial risk as full games, we believe they deserve the same level of care: they represent your studio’s creative output and marketing effort. spawnd implements its own platform-level safeguards, but developers are also expected to take appropriate steps during the build process to ensure that their WebGL content is not easily copied, tampered with, or embedded outside of approved environments.
Recommended Protection Strategies
1. Domain Locking via Unity WebGL Template
Restrict where your game can run by adding a domain check in your custom index.html:
if (!window.location.hostname.endsWith("spawnd.gg")) {
document.body.innerHTML = "Unauthorized domain.";
}More about template customization:
https://docs.unity3d.com/Manual/webgl-templates.html
2. Unity's Built-in Build Protection Features
Unity provides several options for making your WebGL output harder to reverse engineer:
- IL2CPP (default for WebGL): Transpiles C# code to native C++, then compiles to WebAssembly. Much harder to reverse engineer than Mono builds.
- Code Stripping: Remove unused code from the final build via Managed Stripping Level = "High".
- Symbol Map Stripping: In Player Settings → WebGL → uncheck “Decompression Fallback” and remove
.symbols.jsonfiles before publishing.
More info:
https://docs.unity3d.com/Manual/webgl-building.html
https://docs.unity3d.com/Manual/IL2CPP-BytecodeStripping.html
3. Obfuscation and Third-Party Protection
Additional hardening can be applied via external tools, such as via Unity Asset Store obfuscator plugins, making your source code harder to understand and reverse engineer.
Updated about 1 month ago