Make webpage not embeddable

Question

I'm developing a PHP website and it's crucial that some of its webpages, which are user generated, must be not embeddable in an iframe on other domains unless I want to.

Is there a way to accomplish this? I noticed i.e. that Vimeo offers premium users to set a list of domains on which a video can be embedded, so I imagine that this is possible in some ways, despite I haven't found anything around...

Thanks!

use mask in ur url, control access by using login credential system... — user1844933, May 21 '15 at 14:41

score 1 · Accepted Answer · answered May 21 '15 at 14:51

You could include a javascript-code on pages that are not allowed as/in iframes, that redirects the top-frame and the iframe becomes useless in most cases.

if ( window.self !== window.top ) {
    window.top.location.href = window.location.href;
}

Most modern Browsers also respect the header-field X-FRAME-OPTIONS that can be set to DENY (page did not get displayed inside frames) or SAMEORIGIN (same as DENY, but only if the domain is not the same).

score 0 · Answer 2 · answered May 21 '15 at 14:56

0

Have a look at the referrer.

if (!in_array($_SERVER['HTTP_REFERER'], $allowedReferers)) {
    // STOP !!!!
    echo "not today baby!";
    die();
}

// GO !!!!

answered May 21 '15 at 14:56

Kevin Nagurski

1,889
11
24

`$_SERVER['HTTP_REFERER']` is not always reliable => http://stackoverflow.com/a/6023980/ – Funk Forty Niner May 21 '15 at 14:58
@Fred-ii- yep, totally agree. Best to use a combination of PHP to look at `HTTP_REFERER` and JS to inspect things at the start of rendering. – Kevin Nagurski May 21 '15 at 15:05
Whoever came up with that directive, should've came up with a Plan-B lol – Funk Forty Niner May 21 '15 at 15:06

Make webpage not embeddable

2 Answers2