Home >Backend Development >PHP Tutorial >How can I detect if my website is embedded within an iframe?
Determining Page Embeddings in iFrames
Protecting your web pages from being embedded in third-party iFrames is crucial for various reasons. The question arises: how to detect such embeddings during page loading?
Server-Side Detection Limitations
The standard referrer request header is insufficient for this purpose. It only provides information about the previous page from which a request originated.
Client-Side Detection with JavaScript
Once a page is loaded, you can use JavaScript to check for embeddings. Comparing the top and self window objects reveals if the page is embedded in a frame. If they differ, the page is in a frame.
X-FRAME-OPTIONS Header
Modern browsers support the X-FRAME-OPTIONS header, which specifies whether a page can be loaded in a frame. Setting it to DENY prevents embedding, while SAMEORIGIN allows embedding only from the same domain as the top-level frameset holder.
Supported browsers with minimum versions include:
By implementing these mechanisms, you can protect your web pages from unauthorized embeddings and maintain control over how they are displayed.
The above is the detailed content of How can I detect if my website is embedded within an iframe?. For more information, please follow other related articles on the PHP Chinese website!