How to prevent embedding my web page inside an iframe?

Question

Possible Duplicate:
How to prevent my site page to be loaded via 3rd party site frame of iFrame

How can I prevent others from embedding my web page inside an iframe?

if i call my web page inside a iframe it will run.... i want to stop this... can u help me.. — user389055, Jul 19 '10 at 08:14
If you have access to .htaccess, you can set it to add the X-Frame-Options: Deny header. Solutions based on Javascript can be subverted by adding the sandbox attribute to the iframe tag, which blocks JS. The real problem is companies who provide a link, which goes to a proxy that fetches the page, strips it of anti-embedding measurements, and pass the result to the browser. The only solution I can think of is using a firewall to block those proxies to your website, which boils down to whack-a-mole. — Uri Raz, Mar 22 '23 at 11:08

robjmills · Answer 1 · 2010-07-19T10:06:27.423

13

Another solution:

if (window.top !== window.self) window.top.location.replace(window.self.location.href);

edited Jul 19 '10 at 10:06

answered Jul 19 '10 at 08:43

robjmills

18,438
15
77
121

+1 for conciseness and only using in-built functions – cEz Jul 19 '10 at 09:16

score 4 · Answer 2 · answered Jul 19 '10 at 08:12

4

With Javascript:

if(window.top==window){
    // not in iframe/frame
} else {
    if(parent.parent.someFunction){
       parent.parent.someFunction();
    } else {
       alert("parent.parent.someFunction() not defined.")
    }
}

answered Jul 19 '10 at 08:12

fabrik

14,094
8
55
71

Up-voted. Although I would re-direct to the actual web page in the else statement rather than throw a scary-looking alert message to the end user, whom may not understand what's going on. – Martin Bean Jul 19 '10 at 08:21
@Martin: Of course this one is an example. He can do anything in the statement. – fabrik Jul 19 '10 at 13:15

How to prevent embedding my web page inside an iframe?

2 Answers2

Linked