How to prevent my site page to be loaded via 3rd party site frame of iFrame

php python iframe http-headers frame
abovesun picture abovesun · May 24, 2010 · Viewed 68.5k times · Source

How can I find out that my page is embedded as a frame to other site during page loading? I guess referrer request header can't help me here? Thanks.

Answer

Maerlyn picture Maerlyn · May 24, 2010

You cannot check it from the server's side, but you can use javascript to detect it after the page has loaded. Compare top and self, if they're not identical, you are in a frame.

Additionally, some modern browsers respect the X-FRAME-OPTIONS header, that can have two values:

  • DENY – prevents the page from being rendered if it is contained in a frame
  • SAMEORIGIN – same as above, unless the page belongs to the same domain as the top-level frameset holder.

Users include Google's Picasa, that cannot be embedded in a frame.

Browsers that support the header, with the minimum version:

  • IE8 and IE9
  • Opera 10.50
  • Safari 4
  • Chrome 4.1.249.1042
  • Firefox 3.6.9 (older versions with NoScript)

Related questions

Running a Python script from PHP

I'm trying to run a Python script from PHP using the following command: exec('/usr/bin/python2.7 /srv/http/assets/py/switch.py arg1 arg2'); However, PHP simply doesn't produce any output. Error reporting is set to E_…

Read More
What is a Python equivalent of PHP's var_dump()?

When debugging in PHP, I frequently find it useful to simply stick a var_dump() in my code to show me what a variable is, what its value is, and the same for anything that it contains. What is a …

Read More
What is for Python what 'explode' is for PHP?

I had a string which is stored in a variable myvar = "Rajasekar SP". I want to split it with delimiter like we do using explode in PHP. What is the equivalent in Python?

Read More