You’re about to read an article about defeating paywalls, and somewhere around the middle of it a paywall is going to slam down across the page and demand €3.50. That is not a bug. It is the whole point. This page is wearing the exact disguise it’s here to unmask, and the only way to read the second half — the part with the actual instructions — is to do to this paywall what the article describes.
Consider it an open-book exam where the book is the exam.
The setup: you’re inside the experiment
Most people meet a paywall as a wall: you’re reading, it’s good, and then a frosted-glass panel drops over the text with a subscribe button and a price. The reflex is to assume the rest of the article is gone — locked in a vault on some server, handed out only to people with a valid login.
Sometimes that’s true. Very often it isn’t. A huge number of paywalls — especially on
smaller publishers, blogs, and “premium” content add-ons — are pure theatre. The full
article was already sent to your browser. Every word of it is sitting in the page right
now. The “wall” is a <div> with a shadow, painted on top, plus a few lines of
JavaScript that stop you scrolling. The text underneath isn’t protected. It’s just
covered.
This article is one of those. I built the paywall you’re about to hit out of the same parts the cheap ones use, on purpose, so you can see the trick from the inside.
Two kinds of paywall
The single most useful thing to understand is that “paywall” describes two completely different things that happen to look identical to a casual reader.
| Soft / client-side | Hard / server-side | |
|---|---|---|
| Where is the locked text? | Already in the page, hidden with CSS/JS | Never sent — the server withholds it |
| What stops you reading? | An overlay + a scroll lock | There is nothing to read; it isn’t there |
| Can a browser trick beat it? | Yes, trivially | No |
| What does it cost to build? | A bit of CSS and JavaScript | A backend, user accounts, per-request auth |
A hard paywall makes a decision on the server, for every single request: is this visitor a subscriber? If not, the server builds a version of the page that simply does not contain the premium paragraphs. They never travel across the network. No amount of poking at your own browser can reveal text that your browser was never given. This is what serious news organisations run — AD.nl, the New York Times, the Financial Times.
A soft paywall makes that decision in your browser, after it already downloaded everything. Which is a bit like mailing someone the whole letter and then asking them nicely to only read the top half.
Why soft paywalls leak
Once you see where the decision is made, the leak is obvious. The browser is not a vault you’re locked out of — it’s your machine, fully under your control, and it has already received the goods. The overlay is a sticker, not a safe.
There are really only three moving parts to a soft paywall, and each one is a soft target:
- The cover. A panel positioned over the text, usually with a gradient that fades the article into white so it looks truncated. It’s decoration. The text is full height underneath it.
- The clamp. The container holding the article is given a fixed maximum height with the overflow hidden, so the bottom is literally cut off from view. One CSS property.
- The lock. A line of script sets the page to non-scrolling so you can’t get past the cover. Also one property.
Remove those three and the article is just… an article. Nothing was decrypted. Nothing was fetched. You simply stopped honouring three instructions that were politely suggesting you not look.
And here’s the catch that makes this page a perfect teaching example: the part of this article that lists exactly which buttons to press is on the far side of the very wall you’re about to meet. So if you want it, you’ll have to walk through the door to read how the door works.
Go on. The instructions are right past here.
The bypass toolkit
You made it. If you’re reading this line, you either paid (thank you, the demo took your imaginary money) or you did one of the following — which is the actual lesson. None of these decrypts anything; each one just declines one of those three polite instructions.
- Turn off JavaScript. A soft paywall’s scroll-lock and, frequently, the overlay itself are injected by script. With JavaScript disabled for the page, the script never runs, the lock never engages, and very often the cover never appears — leaving the plain article behind it. (In most browsers: site settings → JavaScript → block, then reload.)
- Use Reader / distraction-free mode. Reader view rebuilds the page from just its article text and throws away overlays, fixed panels, and scripts in the process. The wall is page furniture; reader mode doesn’t invite the furniture.
- Inspect and delete the wall. Open developer tools, right-click the overlay panel,
and delete element. Then find the clamped container, switch off its
max-height/overflow, and set the page back to scrollable. The text underneath was there the whole time — you’ve just peeled the sticker off. - View source. Because the full article was delivered, the raw HTML contains the full article. “View page source” shows you the markup the server actually sent, wall and all, with every hidden paragraph in plain text.
- Read the archived copy. Public web archives crawl pages and store a snapshot. Those snapshots are frequently captured before — or without — the soft wall, so the archived version reads clean.
Every one of these works on this page, because this page is honest about being a soft wall. Try one. The fade and the panel above will evaporate and the rest of the text is right there.
Why none of this touches AD.nl
Now the deflating part, and the reason this article is educational rather than a how-to for freeloading. Point any of those five tricks at a real server-side paywall and you get nothing — not because they “blocked” the trick, but because there is no hidden text to uncover. Disable JavaScript on a hard paywall and you don’t reveal the article; you reveal a teaser, because a teaser is all the server ever sent you. View source and the premium paragraphs simply aren’t in the markup. Delete every overlay on the page and you’re left staring at the same teaser, now without decoration.
You cannot inspect-element your way to bytes that never crossed the wire. That’s the entire difference, and it’s why a publisher who cares about their paywall pays for the hard version. A soft paywall keeps out the incurious. A hard paywall keeps out everyone.
Read responsibly
Two honest notes to close on.
First, the ethics. Knowing that a soft paywall is theatre is genuinely worth understanding — it’s basic literacy about how the web actually delivers content, and it’s the same knowledge a developer needs to not ship a paywall that leaks. But journalism costs money, and the people writing it deserve to be paid. Use this to understand the mechanism, not to routinely rob the corner shop because you noticed the lock was plastic. If a publication is worth reading twice, it’s worth subscribing to.
Second, the takeaway if you’re the one building the wall: if your content matters, a client-side overlay protects nothing. The decision has to live on the server, and the premium text must never be sent to a visitor who hasn’t earned it. Anything else is a fade-to-white and a prayer.
If you’re reading this, you bypassed the paywall. That was the assignment. Lesson learned — now go subscribe to something good.