Skip to content

Instantly share code, notes, and snippets.

@johnfmorton
Last active November 27, 2023 19:35
Show Gist options
  • Save johnfmorton/240e3a468a94dfd67af99656faafd133 to your computer and use it in GitHub Desktop.
Save johnfmorton/240e3a468a94dfd67af99656faafd133 to your computer and use it in GitHub Desktop.
Don't allow your page to be rendered in an iframe.
<!DOCTYPE html>
<html>
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>Don't iFrame Me, Bro.</title>
<style type="text/css">
body {
background: white;
font-size: 2rem;
}
</style>
<script type="text/javascript">
document.addEventListener("DOMContentLoaded", function() {
if (top.location !== location) {
// Clear the body content and append a div with the warning message
document.body.innerHTML = ''; // Clears the existing content
var warningDiv = document.createElement('div'); // Create a new div element
warningDiv.innerHTML = 'This page cannot be embedded'; // Set the warning message
document.body.appendChild(warningDiv); // Append the div to the body
}
});
</script>
</head>
<body>
<p>This page is on the intended server. Try to embed it in an iframe at <a href="https://iframetester.com/">iframetester.com</a>.</p>
<p>If you can set your headers, X-Frame-Options: NONE or X-Frame-Options: SAMEORIGIN, that would be even better.</p>
</body>
</html>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment