Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

how to block website from loading in iframe?

Tags:

javascript

html

jquery

youtube

iframe

Recently i tried to load youtube website in an iframe, but i checked that it's not worked. i used this simple code.

<!DOCTYPE html> <html> <head> <title></title> </head> <body> <iframe width="1000px" height="700px" src="http://www.youtube.com" ></iframe> </body> </html>

  1. i want to know , why my webpage can't load youtube website in iframe..

  2. what code i use to load the youtube website in my webpage.

  3. how i use same techniq in my website, so no one can add my website in iframe.

like image 870
Rishi Kumar Avatar asked Nov 07 '13 17:11

Rishi Kumar

People also ask

How do I restrict an iframe?

Thankfully, the ability to restrict iframes is supported by IE 10, Firefox, Chrome, and Safari. It's called the sandbox attribute. Just adding the sandbox attribute is enough to severely lock down an iframe.

Does iframe block page load?

Whereas iframes are typically used to include one HTML page within another, the Script in Iframe technique leverages them to load JavaScript without blocking, as shown by the Script in Iframe example.

How do I stop a page from being Iframed?

There are two primary methods: 1.) Sending an X-Frame-Options HTTP response header that instructs the browser to disable framing from other domains. An example of using PHP to send the X-Frame-Options header.

2 Answers

For modern browser, need to enable X-Frame-Options in Header, The x-frame-options header can be implement through web server configuration settings.

You can view the X-Frame-Options in Header as like below image, enter image description here

Reference: https://www.keycdn.com/blog/x-frame-options/

If your browser does not support it, then you will have NO clickjacking defense in place and can use HTTP Header Field X-Frame-Options,

  <meta http-equiv="X-Frame-Options" content="deny">

There are three possible values for X-Frame-Options:

DENY - The page cannot be displayed in a frame, regardless of the site attempting to do so.

SAMEORIGIN - The page can only be displayed in a frame on the same origin as the page itself.

ALLOW-FROM uri - The page can only be displayed in a frame on the specified origin.

like image 85
Krish R Avatar answered Sep 24 '22 05:09

Krish R

As of April 2016 the accepted answer by Krish R no longer works. Most browsers now ignore the meta tag as recommended by RFC 7034.

The correct way to implement this header is to have it sent with the document by the server. See the mozilla documentation on X-Frame-Options for details.

like image 37
mwoodman Avatar answered Sep 21 '22 05:09

mwoodman
Sign in to Comment

Related questions

Expected onClick listener to be a function, instead got type object - react redux
How to match the character '<' not followed by ('a' or 'em' or 'strong')?
Most efficient way to generate a really long string (tens of megabytes) in JS
js override console.log if not defined
Override all JavaScript events bound to an element with a single new event
Is it possible to get reference to comment element/block by JavaScript?
Prevent JavaScript keydown event from being handled multiple times while held down
Override WooCommerce Frontend Javascript
Difference between include and block in Jade
Turbolinks causing a "jquery-ujs has already been loaded!" error
Javascript: %s or %d represents string?
Calling async function in main file
Why does HTML 5 not have editable combobox or local menus built in? [closed]
Create array in cookie with javascript
Get image src with jQuery
$(document).scroll is not firing in IE8 only
object vs. primitive
How do I redirect to the current page using JavaScript?
RegEx for maximum length in JavaScript
Disable-Click on Legend in HighCharts Column Graph

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!