Possible to prevent our website from running inside another domain's frameset or IFrame?

Question

We\'ve been having an problem recently where other sites are running our e-commerce site inside a frameset where our site (with the offenders affiliate id tacked on) is the only

Answer 1

Take a look at this article. It offers a fairly simple solution for detecting frames and breaking out of them.

How to Break Out of Frames with JavaScript

In addition, I would take it one step further. Whenever you detect a frame, grab the affiliate ID of the offending site framer, and push that to the server with AJAX along with the URL they are using. Then, either automatically or manually, you can verify that they are framing your site, and cancel their affiliate code one at a time.

Answer 2

I've heard of solutions to this problem being referred to as a "frame popper script". A quick google comes up with this thread. Looks like this is one of the simplest:

if (window != top) top.location.href = location.href; 

Answer 3

Just guessing here...but what if you use javascript to call your parent window to access its document object ? You could check if its not null, and if there is a parent window (meaning a frame loaded your site), you could hide all your html through javascript...

Answer 4

I believe the proper modern method to achieve this is with The X-Frame-Options response header.

From the MDN:

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a frame or iframe. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

Take a look at: How to prevent IFRAME from redirecting top-level window