How do I use the HTML IFRAME element to embed content?

Question

<!DOCTYPE html>
<html>
<head>
    <title>My favorite app</title>
</head>
<body>

<iframe src="https://stackoverflow.com/questions/36047483/parsing-a-websites- 
html-tags-in-iframe"></iframe>

<div class="title">My App</div>
<div class="app">
    <div class="image"><img src="images/app.png" alt="this is a 
    screenshot" class="image"></div>
</div>
</body>
</html>

i tried to use iframe tag but it doesn't work and a blank section is appeared as that image. the blank section that appears to me in the browsers.

score 1 · Answer 1 · edited Aug 03 '18 at 21:21

1

That's because Stack Overflow disallows use inside a frame by setting X-Frame-Options to sameorigin... So only is allowed as iframe inside Stack Overflow itself, not from your code.

Long version: When your browser try to access that URL from Stack Overflow, Stack Overflow returns some headers, one of them is X-Frame-Options: sameorigin, that instructs your browser to disallow to display that URL inside an IFrame, so your browser refuse to do it. Its a SO server config (you can't do anything about it).

edited Aug 03 '18 at 21:21

Heretic Monkey

11,687
7
53
122

answered Aug 03 '18 at 20:14

Pipe

2,379
2
19
33

your answer is too short to understand can you clarify it. – ahmed okka Aug 03 '18 at 20:18

Tsundoku · Answer 2 · 2018-08-10T10:38:04.950

The Stack Overflow page you reference in the src attribute is not displayed in the iframe element because the Stack Overflow site implements an iframe blocking policy. In order to do this, it uses the X-Frame-Options. (See also how to block website from loading in iframe?.)

You can check whether a site implements this policy by inspecting its HTTP headers. For example, in Firefox, press F12 to open the inspection tools, then go to Network, select one of the objects that were sent over HTTP and look at the headers (or filter the headers for e.g. "x-frame"). Below is what this looks like for the URL you tested:

Notice x-frame-options: SAMEORIGIN in the lower right part of the screenshot. With x-frame-options: SAMEORIGIN or x-frame-options: DENY set on the server side, you will not be able to load pages from that site inside an iframe or a frame.

For more background, see X-Frame-Options – How to Combat Clickjacking, which also explains other values that can be used in the x-frame-options header.

If you want to test with a webpage from a server that does not block loading in iframes, try for example https://wiki.archlinux.org/index.php/Tomcat.

that's a very good answer that is exactly what i need thanks for you — ahmed okka, Aug 03 '18 at 20:52

How do I use the HTML IFRAME element to embed content?

2 Answers2