Wondering if there's a way to detect a page load was done inside a frame, iframe, etc. (likely via JavaScript) and if so, what are the limits of such a detection system?
Asked
Active
Viewed 805 times
1 Answers
6
if (top.location.href != window.location.href) {
alert("In A Frame");
}
The limit is if JavaScript is turned off it won't work.
You can also use the X-Frame-Options HTTP header. This header tells a web browser whether or not to allow a web page to be framed in another web page. This includes <frame> and <iframe> tags.
There are two possible values for this header:
DENY - This setting prevents any pages served from being placed in a frame even if it is on the same website it originates from. should be used if you never intend for your pages to be used inside of a frame.
SAMEORIGIN - This setting allows pages to be served in a frame of a page on the same website. If an external site attempts to load the page in a frame the request will be denied.
This header works in Internet Explorer 8.0, Firefox 3.6.9, Opera 10.50, Safari 4.0, and Chrome 4.1.
John Conde
- 86,484
- 28
- 150
- 244