How to Prevent Third-Party Embedding of Your Website Pages via iFrames?

Preventing Third-Party Embedding via iFrames

You're seeking a solution to prevent unauthorized embedding of your website pages within other, third-party sites. The referrer request header is not suitable for detecting such scenarios.

JavaScript-Based Detection

Although detecting iFrame embedding from the server-side is impossible, you can utilize JavaScript after page load to identify it. By comparing the values of the "top" and "self" variables, you can determine if your page is loaded within a frame. If they differ, you are in an iFrame context.

Using the X-FRAME-OPTIONS Header

Modern browsers support the use of the X-FRAME-OPTIONS header, which has two primary values:

• DENY: Prevents the page from loading when embedded in a frame.
• SAMEORIGIN: Prevents embedding if the page and containing frame are not from the same domain.

Browser Support for X-FRAME-OPTIONS

The following browsers support the X-FRAME-OPTIONS header:

• IE8 and IE9 (minimum)
• Opera 10.50 (minimum)
• Safari 4 (minimum)
• Chrome 4.1.249.1042 (minimum)
• Firefox 3.6.9 (minimum) or older versions with NoScript

The above is the detailed content of How to Prevent Third-Party Embedding of Your Website Pages via iFrames?. For more information, please follow other related articles on the PHP Chinese website!