How can I detect if my website is embedded within an iframe?

Determining Page Embeddings in iFrames

Protecting your web pages from being embedded in third-party iFrames is crucial for various reasons. The question arises: how to detect such embeddings during page loading?

Server-Side Detection Limitations

The standard referrer request header is insufficient for this purpose. It only provides information about the previous page from which a request originated.

Client-Side Detection with JavaScript

Once a page is loaded, you can use JavaScript to check for embeddings. Comparing the top and self window objects reveals if the page is embedded in a frame. If they differ, the page is in a frame.

X-FRAME-OPTIONS Header

Modern browsers support the X-FRAME-OPTIONS header, which specifies whether a page can be loaded in a frame. Setting it to DENY prevents embedding, while SAMEORIGIN allows embedding only from the same domain as the top-level frameset holder.

Supported browsers with minimum versions include:

• IE8 and IE9
• Opera 10.50
• Safari 4
• Chrome 4.1.249.1042
• Firefox 3.6.9 (older versions with NoScript)

By implementing these mechanisms, you can protect your web pages from unauthorized embeddings and maintain control over how they are displayed.

The above is the detailed content of How can I detect if my website is embedded within an iframe?. For more information, please follow other related articles on the PHP Chinese website!