Prevent your site from being "framed"

Shopping Cart Software Forum for Ecommerce Templates

Username:	Password:
Save Password
Forgot your Password?

Buy now for ...

Search our site

Support Forum Search

How it works

General help

All Forums

Technical

Advanced Tips and Tricks - NO QUESTIONS PLEASE

Prevent your site from being "framed"

New Topic

Reply to Topic

Printer Friendly

Author

Topic

Marshall
Ecommerce Template Guru

USA
1464 Posts

Posted - 08/19/2018 : 22:00:33

This problem is as old as the internet. Unscrupulous websites "frame" your website then surrond the page with ads or other junk which may have a negative impact on your site, and not just in sales, but reputation as well.

It use to be a simple JavaScript to the effect

<script type="text/javascript">
(function(window) {
  if (window.location !== window.top.location) {
    window.top.location = window.location;
  }
})(this);
</script>

solved the problem. But with more browsers blocking automatic redirects such as this (Chrome being one) using this script is problematic. Here is an alternative. If you cannot get out of the frame, no sense letting them use your site at all. Simply place this in the <head> of your page(s)

<style> html{display:none;} </style>
<script>
   if(self == top) {
       document.documentElement.style.display = 'block'; 
   } else {
       top.location = self.location; 
   }
</script>

What this simply does is stop the display of your page's content. Yes, you might be stuck in a frame, but your content cannot be taken advantage of. I have tested this and it works like a charm. But remember, nothing is 100%.

Marshall
CENLYT Productions - ms designs
Affordable Web Design
Custom Ecommerce Designs
Responsive Websites
Cenlyt.com

insight
ECT Moderator

USA
4102 Posts

Posted - 08/20/2018 : 07:28:30

You can also set a X-Frame-Options header

Peter

ServeLink
Professional ecommerce web hosting for ASP & PHP
https://servelink.com

Take a look at our image upload/resize tool for the ASP cart
https://servelink.com/clients/cart.php?gid=7

Marshall
Ecommerce Template Guru

USA
1464 Posts

Posted - 08/20/2018 : 07:39:21

Thanks Peter. Was not familiar with that one.

Marshall
CENLYT Productions - ms designs
Affordable Web Design
Custom Ecommerce Designs
Responsive Websites
Cenlyt.com

Positivek9
Ecommerce Template Guru

USA
4051 Posts

Posted - 08/20/2018 : 08:53:21

Found some info on that here:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

Julie
Owned & loved by 7 German Shepherds

Graham Slaughter
Ecommerce Template Expert

735 Posts

Pre-sales questions only

(More Details...)

Posted - 01/09/2019 : 09:00:30

For those of us on a Windows server it is as simple as adding this into your web.config file:
[code]
<add name="Content-Security-Policy" value="frame-ancestors 'none';" />
<add name="X-Frame-Options" value="deny" />
[/code]

Those lines must appear inside
[code]<configuration>
<system.webserver>
<httpProtocol>
<customHeaders>

(lines go here)

</customHeaders>
</httpProtocol>
</system.webserver>
</configuration>[/code]

You likely already have other bits inside your web.config, so you'll just add those lines inside the above tags and always ALWAYS test to see if your site works as errors in a web.config file will keep the entire site from loading at all.

Edited by - Graham Slaughter on 01/09/2019 09:00:54

Topic

New Topic

Reply to Topic

Printer Friendly

Shopping Cart Software Forum for Ecommerce Templates

This page was generated in 0.02 seconds.

Snitz Forums 2000