How to check if website is loadable in iframe

Question

I need to check, if website in iframe is loaded properly. On my website, users can POST custom website, which will show them in iframe. But some websites are protected from insert to iframe (such as google or facebook).

How can I check, if is website loadable in iframe and can be used in iframe?

PS: I haven't show any code, because I have no code and no idea how to do it. (My website runs on Java, so no Apache or PHP).

possible duplicate of [Detect X-Frame-Options](http://stackoverflow.com/questions/21263418/detect-x-frame-options) — Farid Nouri Neshat, May 12 '14 at 08:50
BTW, how can you flag this as duplicate, when I am not running on PHP? — Patrik Krehák, May 20 '14 at 08:37

score 4 · Answer 1 · edited May 23 '17 at 11:47

4

Check HTTP response header for X-Frame-Options. Facebook sends X-Frame-Options=DENY, which means "The page cannot be displayed in a frame, regardless of the site attempting to do so."

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

Check this: Accessing the web page's HTTP Headers in JavaScript

edited May 23 '17 at 11:47

Community

1
1

answered May 12 '14 at 07:07

Chankey Pathak

21,187
12
85
133

1

No. You need to check the Headers the website sends *you*. You can use [get_headers](http://us3.php.net/manual/en/function.get-headers.php). Or do you want javascript? http://stackoverflow.com/questions/220231/accessing-the-web-pages-http-headers-in-javascript – s-ol May 12 '14 at 07:20
1

Sorry, I forgot to say, that my website runs on Java. I have no Apache or PHP. – Patrik Krehák May 12 '14 at 07:22
1

+1. This is a perfectly fit answer to the question. Why the downvote? In fact it is the question which is unclear. – Abhitalks May 12 '14 at 07:23
http://www.mkyong.com/java/how-to-get-http-response-header-in-java/ for Java, or the stackoverflow answer I linked above if you want to do this dynamically in js. – s-ol May 12 '14 at 07:23
There's also JS, which is much simpler, that can undo iframes: `if ( location.href != parent.location.href ) { parent.location.href = location.href; }` How do you check for that? – Rudie May 12 '14 at 07:27
@abhitalks I didn't downvote... Thanks guys, I will try all possibilities. – Patrik Krehák May 12 '14 at 07:30
This generally wouldn't work in JavaScript, which is what I think the questioner is actually asking about because the request would probably be denied due to Access Control Allow Origin restrictions. I'm not sure there is a good answer to this question. But this one definitely isn't one. – aychedee May 12 '14 at 07:31

How to check if website is loadable in iframe

1 Answers1