I want to prevent pages from my website from being embedded in iframes on other websites, and I made this JS:
<script type="text/javascript">
  if (document.referrer.indexOf("mydomain.com") != -1) {
    window.location = "http://www.youtube.com/watch_popup?v=oHg5SJYRHA0";
  }
</script>
The script works, but I have page01.php and page02.php.
In the page01.php source code I want to insert an iframe for page02.php:
<iframe src="page02.php"></iframe>
When I do this, I get redirected to:
http://www.youtube.com/watch_popup?v=oHg5SJYRHA0
How can I solve this? Thanks
So how do you prevent other websites or attackers from loading your website in an iFrame? There are two primary methods: 1.) Sending an X-Frame-Options HTTP response header that instructs the browser to disable framing from other domains.
Just adding the sandbox attribute is enough to severely lock down an iframe. With this attribute set, the document inside the iframe cannot do any of the following: Run any JavaScript, even if it would only affect contents of the iframe.
IFrames pose a security risk to your business because they can be used to deliver malicious code -- such as a virus, trojan or spyware -- to your computer. IFrames are also used to show pop-under ads and to set cookies on your computer that survive even after you clear cookies from your browser.
I would suggest you use the X-Frame-Options header. If you are using nginx, you can add this line in the server or location block:
add_header X-Frame-Options "SAMEORIGIN";
When you add this header, a modern browser will deny the request if someone tries to load your page in a frame. Note that this will not work in older browsers.
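To see how the SAMEORIGIN value treats the page01.php / page02.php case from the question, here is an added example (not code from the original posts): a simplified model of the X-Frame-Options check described in the HTML Standard. It does not model a Content-Security-Policy frame-ancestors directive, which takes precedence over this header when present; the function name, other.example and x.example are assumptions made for the illustration.

```javascript
// Added example: simplified model of a browser's X-Frame-Options check.
// xfoHeader: raw header value (null if the header is absent).
// pageUrl: URL of the framed page; ancestorUrls: URLs of every embedding
// document, from the immediate parent up to the top-level page.
function framingAllowed(xfoHeader, pageUrl, ancestorUrls) {
  if (xfoHeader == null) return true; // no header: any site may frame the page

  // Repeated headers arrive comma-joined; values compare case-insensitively.
  const values = new Set(
    xfoHeader.split(",").map((v) => v.trim().toLowerCase()).filter(Boolean)
  );
  if (values.size === 0) return true;

  if (values.size > 1) {
    // Conflicting values: blocked if any of them is a recognised directive.
    return !["deny", "allowall", "sameorigin"].some((d) => values.has(d));
  }

  const [value] = values;
  if (value === "deny") return false;
  if (value === "sameorigin") {
    const origin = new URL(pageUrl).origin;
    // Every ancestor must share the page's origin, not only the direct parent.
    return ancestorUrls.every((u) => new URL(u).origin === origin);
  }
  // Unrecognised values (for example the obsolete ALLOW-FROM) have no effect.
  return true;
}

// Constructed sample URLs: mydomain.com is the question's placeholder domain,
// other.example stands for any third-party site.
const PAGE01 = "https://mydomain.com/page01.php";
const PAGE02 = "https://mydomain.com/page02.php";
const OTHER = "https://other.example/embed.html";

function demo() {
  return {
    ownPage: framingAllowed("SAMEORIGIN", PAGE02, [PAGE01]),
    otherSite: framingAllowed("SAMEORIGIN", PAGE02, [OTHER]),
    nested: framingAllowed("SAMEORIGIN", PAGE02, [PAGE01, OTHER]),
    allowFrom: framingAllowed("ALLOW-FROM https://mydomain.com", PAGE02, [OTHER]),
    conflicting: framingAllowed("SAMEORIGIN, ALLOW-FROM https://x.example", PAGE02, [PAGE01]),
  };
}
console.log(demo());
```

The allowFrom case is the one to watch when auditing a configuration: a header carrying only an unrecognised value leaves the page frameable by any site.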