Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

How to prevent my site page to be loaded via 3rd party site frame of iFrame

Tags:

python

http-headers

php

iframe

frame

How can I find out that my page is embedded as a frame to other site during page loading? I guess referrer request header can't help me here? Thanks.

like image 392
Andriy Kopachevskyy Avatar asked May 24 '10 11:05

Andriy Kopachevskyy

People also ask

How do I restrict an iframe?

Thankfully, the ability to restrict iframes is supported by IE 10, Firefox, Chrome, and Safari. It's called the sandbox attribute. Just adding the sandbox attribute is enough to severely lock down an iframe.

How do I stop a page from being Iframed?

There are two primary methods: 1.) Sending an X-Frame-Options HTTP response header that instructs the browser to disable framing from other domains. An example of using PHP to send the X-Frame-Options header.

Can I hide content inside an iframe from an external domain?

Yes totally doable. Once you assign the parameter to a var, you could then do anything you want… like a hide() on an element. Here is a stack solution.

1 Answers

You cannot check it from the server's side, but you can use javascript to detect it after the page has loaded. Compare top and self, if they're not identical, you are in a frame.

Additionally, some modern browsers respect the X-FRAME-OPTIONS header, that can have two values:

  • DENY – prevents the page from being rendered if it is contained in a frame
  • SAMEORIGIN – same as above, unless the page belongs to the same domain as the top-level frameset holder.

Users include Google's Picasa, that cannot be embedded in a frame.

Browsers that support the header, with the minimum version:

  • IE8 and IE9
  • Opera 10.50
  • Safari 4
  • Chrome 4.1.249.1042
  • Firefox 3.6.9 (older versions with NoScript)
like image 148
Maerlyn Avatar answered Sep 29 '22 09:09

Maerlyn
Sign in to Comment

Related questions

How to join filesystem path strings in PHP?
How do I import a .sql file in mysql database using PHP?
How can strip whitespaces in PHP's variable?
500 Internal Server Error for php file not for html [duplicate]
Deny direct access to all .php files except index.php
PHPExcel Make first row bold
Laravel - Pass more than one variable to view
How to write a REST API?
Can I parameterize the table name in a prepared statement?
Upload Progress Bar in PHP
Who Add "_" Single Underscore Query Parameter?
What is the use of <<<EOD in PHP?
Check if cookies are enabled
Pre-installed Linux for Web Developers? [closed]
How can I get the error message for the mail() function?
Running composer in a different directory than current
Sending email with gmail smtp with codeigniter email library
PHP sessions default timeout [duplicate]
How to search a file in PhpStorm?
How to write to error log file in PHP [closed]

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!