CODEWITHSUNDEEP
phpiframe
MrD
MrD

Reputation: 2481

How to find out which website are showing my website using iframe

Let's say we have two websites: A and B.

On website A there is a embeded iframe which is linked to website B (website A is serving website B using iframe).

Is there a way that website B knows that website A is serving it, and how to get that information using PHP? I want to know domain name and IP address of website A.

So my problem is that I don't know in advance where my website is going to be served, but I only want to find out who is serving it.

There is a way to provide URL get parameter to the iframe url. For example

<iframe src="http://mywebsite.com?url=commingFromWebsiteB"></iframe>

This way I can check if this iframe is embeded on website B using the following code:

$sourceWebsite=$_GET['url'];

But the problem is that admin of website B, can copy and paste this iframe on website C and leave this url parameter to be equal to 'commingFromWebsiteB' even if iframe is now displayed on website C which is not my partner.

Thx!

Upvotes: 4

Views: 1539

Answers (1)

Harald Doderer
Harald Doderer

Reputation: 108

Well you can check the referrer. Either by blacklisting or whitelisting. This example is for blacklisting if you know the "thief".

<script type="text/javascript">
if(document.referrer.indexOf("otherdomain.com") != -1) {
    window.location = "yourdomain.com/error.html";
}
</script>

on the other hand you can also create a whitelist in PHP and try to check before like this:

$show = false;
if (isset($_SERVER['HTTP_REFERER'])) {
    $array = parse_url($_SERVER['HTTP_REFERER']);
    if (strpos($array['host'], 'yourdomain.com') === false ){
        $show = false;
    } else {
        $show = true;
    }
}

if ($show == false){
    header('HTTP/1.0 403 Forbidden');
    exit('Forbidden');
}

Upvotes: 1

Related Questions