Menu
I am trying to use an iframe to connect to my website form another domain. I use Sec-Fetch-Dest to know if the website is being called from the iframe or not.
This works good on Google Chrome but seems to not work on Firefox ! How can I make this work form firefox too ? is there any other way to find out if the website is being called from the iframe ?
492
asked Nov 24 '25 11:11
According to MDN, this is not supported on Firefox or Safari (or IE, but no surprises there!) at present:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
More peculiarly, the page there does not even mention 'iframe' as a possible value, though both Chrome and Edge are supplying that as you have observed. The specification for these Sec-Fetch headers is still a working draft though (with an editor from Google), so I guess Chrome is forging ahead, and Edge is just along for the Chromium ride. For reference, here's the current draft spec:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest
Unfortunately, I am not aware of any reliable way to detect requests inside an iframe coming from Firefox. If you control the initial src URL for the iframe, you could include a query parameter, but this will naturally not carry forward with any navigations inside the frame thereafter.
187
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
