0

I want to host a webpage that can only be served via iframes within my own domain.

An example of this in the wild would be Codepen. They sandbox the content of a "pen" in an iframe, but if you try to load the URL from a browser it responds with an empty page.

I understand there might be multiple answers to this question but I'm hoping someone could point me in the right direction.

Would I be checking the referrer server side? Are there any other options?

Pure Function

1 Answer

2

Referer is a good start for the server side.

Also you can try using CORS headers: Only allow iframe to load content

Or validating using client-side JavaScript code: How to identify if a webpage is being loaded inside an iframe or directly into the browser window?

Also check info about referrerpolicy https://developer.mozilla.org/en-US/docs/Web/HTML/Element/iframe#attr-referrerpolicy

F.Igor
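
The server-side Referer check suggested in the answer above, as an added example that is not part of the original answer. It goes beyond the answer by also reading the `Sec-Fetch-Dest` request header and sending a `Content-Security-Policy: frame-ancestors` response header; `OWN_ORIGIN`, `isOwnIframeRequest` and `respond` are hypothetical names, and `https://app.example` is a placeholder origin.

```javascript
// Placeholder origin of the site whose pages embed the iframe (assumption).
const OWN_ORIGIN = "https://app.example";

// True when the request looks like an iframe load started by a page on ownOrigin.
// `headers` uses lower-case names, as Node's http module delivers them.
function isOwnIframeRequest(headers, ownOrigin = OWN_ORIGIN) {
  // Fetch Metadata: browsers that send it name the destination explicitly.
  // Older browsers omit it, so absence falls through to the Referer check.
  const dest = headers["sec-fetch-dest"];
  if (dest !== undefined && dest !== "iframe") return false;

  const referer = headers["referer"];
  if (!referer) return false; // direct load, or stripped by a referrer policy

  // Compare parsed origins, never string prefixes:
  // "https://app.example.evil.test/" starts with OWN_ORIGIN.
  try {
    return new URL(referer).origin === ownOrigin;
  } catch {
    return false; // malformed Referer value
  }
}

// Build the response for the embedded page (hypothetical handler shape).
function respond(headers, ownOrigin = OWN_ORIGIN) {
  const common = {
    // Makes browsers refuse to render the page in frames on other origins.
    "Content-Security-Policy": `frame-ancestors ${ownOrigin}`,
    // The body depends on these request headers, so caches must key on them.
    "Vary": "Referer, Sec-Fetch-Dest",
  };
  if (!isOwnIframeRequest(headers, ownOrigin)) {
    return { status: 403, headers: common, body: "" }; // empty page
  }
  return { status: 200, headers: common, body: "<!doctype html><p>pen</p>" };
}
```

Both request headers are supplied by the client, and a non-browser client can set them to any value, so this hides the page from direct loads rather than acting as access control. If the embedding page sets `referrerpolicy="no-referrer"` on the iframe, the Referer is absent and the request is rejected.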