[bryanlarsen]

JWZ appears to use Apache, so he probably does something like http://www.htaccess-guide.com/deny-visitors-by-referrer/

[numpad0]

That is the way it was done back in the day, usually when admin wanted guests to not come through Google Search or to come through a correct word-of-mouth bouncer page. Client side JS implementations allow content to be viewed by blocking JS.