Iframe busting

Iframe busting is a technique used by website owners to prevent their websites from being loaded within an iframe on another site. This is commonly done to prevent clickjacking attacks, where an attacker overlays an iframe on top of a legitimate website to trick users into clicking on malicious content.

One popular method of iframe busting is to use JavaScript code that detects whether the page is being loaded within an iframe and, if so, redirects the top-level window to the original site. This code can be added to the page's head section (the HTML `<head>`) to ensure that it is executed before the rest of the page loads.

Another method is to use the X-Frame-Options HTTP header, which can be set to DENY or SAMEORIGIN to prevent the website from being loaded in an iframe. This header is supported by most modern browsers and provides an extra layer of security against clickjacking attacks.

Overall, iframe busting is an important security measure that website owners can take to protect their users from malicious attacks and maintain the integrity of their websites.

  • JavaScript code example: if (window.self !== window.top) { window.top.location = window.self.location; }
  • X-Frame-Options header example: X-Frame-Options: DENY
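
A check for the header described above, as an added example that is not part of the original page: it audits a response's headers and passes only when X-Frame-Options is present with exactly one of the two values named here. The function name `auditFraming` and the sample responses are constructed for illustration.

```javascript
// Added example: audit response headers for the X-Frame-Options protection.
// auditFraming and the sample data below are constructed, not from the page.
const VALID = new Set(['DENY', 'SAMEORIGIN']);

function auditFraming(headers) {
  // Header names are case-insensitive; collect every X-Frame-Options value.
  const values = [];
  for (const [name, raw] of Object.entries(headers)) {
    if (name.toLowerCase() !== 'x-frame-options') continue;
    const list = Array.isArray(raw) ? raw : [raw];
    for (const item of list) {
      // A repeated header may arrive comma-joined, so split it back apart.
      for (const part of String(item).split(',')) {
        const v = part.trim().toUpperCase();
        if (v) values.push(v);
      }
    }
  }
  if (values.length === 0) return { ok: false, finding: 'missing' };

  const distinct = [...new Set(values)];
  const unknown = distinct.filter((v) => !VALID.has(v));
  if (unknown.length > 0) {
    return { ok: false, finding: 'invalid value: ' + unknown.join(', ') };
  }
  if (distinct.length > 1) {
    // Two different directives on one response is a configuration error.
    return { ok: false, finding: 'conflicting values: ' + distinct.join(', ') };
  }
  return { ok: true, finding: distinct[0] };
}

// Constructed sample responses, keyed by a label for the report.
const samples = {
  'deny': { 'Content-Type': 'text/html', 'X-Frame-Options': 'DENY' },
  'lowercase': { 'x-frame-options': 'sameorigin' },
  'no header': { 'Content-Type': 'text/html' },
  'typo': { 'X-Frame-Options': 'SAME-ORIGIN' },
  'set twice': { 'X-Frame-Options': ['DENY', 'SAMEORIGIN'] },
};

for (const [label, headers] of Object.entries(samples)) {
  const result = auditFraming(headers);
  console.log(`${label}: ${result.ok ? 'PASS' : 'FAIL'} (${result.finding})`);
}
```

Run it with Node.js; in practice the `headers` object would come from the response of whatever HTTP client the audit uses.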

For more information on iframe busting, you can visit the Wikipedia page.