How to Clear Iframe From Web Pages

noiframe

I’ve experienced problems with malicious websites that display my web pages within an Iframe on their own sites. If you’re not familiar with what an Iframe is, it’s an HTML tag that can be used display another web page in a split view. The Iframe tag was very common in the late 90’s and early 00s, but these days it is rarely used on legitimate websites. It is normally used by spammy websites as a method of hijacking content from other websites. StumbleUpon uses Iframe for functionality of its StumbleBar, which is not considered stealing, but still a practice that is controversial to many webmasters.

There are a couple of ways you can clear Iframes on your web pages. Below I show you how it’s done using JavaScript or the HTACCESS file.

Using JavaScript

If  you wish to prevent your precious web pages from displaying within an Iframe, you can use a bit of JavaScript to clear it. Place this script just before the ending </head> tag in your HTML document:

<script type="text/javascript">
// Stop iFrame loading...
if ( top != self) {
top.location.replace(document.location);
alert("iframe is not allowed. Click OK to remove the frames.")
}
</script>

What this will do is display a page that says that “iframe is not allowed. Click OK to remove frames.” If the user selects OK, they are taken to the page without the iframe.

Using HTACCESS

Of course, JavaScript will only work on users who have JavaScript enabled in their web browsers. If that’s not good enough for you, you might want to kill the iframe from your HTACCESS file by using the X-Frame-Options response header.

If you’re running an Apache server and wish to disallow all iframes, you can add the following to your HTACCESS file.

Header append X-FRAME-OPTIONS "DENY"

If you use iframes on your website and wish to disallow iframes for all other websites other than your own, you can use the following code instead.

Header append X-FRAME-OPTIONS "SAMEORIGIN"

All the latest web browsers will recognize the use of X-Frame-Options and should not allow your pages to be iframed when using this code.

I hope this helps. Please leave questions or comments you may have below.

 

Published by Mitch Bartlett

I've been doing things on the Internet since 1994. Former dot-com era IT guy. Currently I provide technical solutions to people for fun and test software for a growing software company.

Join the Conversation

1 Comment

  1. This comment does not go with this topic. What I found was a badass link to firefox web browser for kindle! I just want to say THANK YOU! You made my life a little bit better!

Leave a comment

Your email address will not be published. Required fields are marked *