How to Prevent Unauthorized iFrame Embedding of Your Webpage?

Preventing Unauthorized iFrame Embedding of Your Webpage

Question: How can I safeguard my web page against unauthorized embedding within iFrames hosted on third-party websites?

Answer:

While identifying the presence of an iFrame embedding your page from the server-side is technically infeasible, you can employ JavaScript to perform this check after the page has loaded. By comparing the "top" and "self" window objects, you can determine if your page is being rendered within an iFrame.

Furthermore, some modern browsers offer support for the X-FRAME-OPTIONS header, which provides additional control over iFrame embedding. This header accepts two values:

• DENY: Prohibits the page from being displayed if it is inserted into an iFrame.
• SAMEORIGIN: Restricts iFrame embedding to pages belonging to the same domain as the parent frame.

Utilizing the X-FRAME-OPTIONS header, you can prevent unauthorized framing of your content. Browsers that support this header include:

• IE8 and IE9
• Opera 10.50
• Safari 4
• Chrome 4.1.249.1042
• Firefox 3.6.9 (with NoScript extension for older versions)

The above is the detailed content of How to Prevent Unauthorized iFrame Embedding of Your Webpage?. For more information, please follow other related articles on the PHP Chinese website!