Question

I want to identify if a PHP script is being called inside an iframe of a different host. I could resort to using JavaScript for that, but I'd like to find a JS-free solution first.

Right now I'm using this logic:

If $_SERVER['HTTP_HOST'] is not equal to the host name of $_SERVER['HTTP_REFERER']
And $_SERVER['REDIRECT_STATUS'] is defined
Then the script is being called from inside an iframe on a different host.

I know this is by no means accurate, but it passed all tests so far.
Does somebody know a better solution, an extra condition I could check to be sure of this? Thanks.

SOLVED: Finally, I decided to go with JS. Now the two alternative contents are each inside a <div> and a JS script decides which one to show and which one to hide.


Solution

> Does somebody know a better solution

To my knowledge not without JS, no. A referer different from HTTP_HOST could however also mean that the page was reached through a link, and of course both fields can be easily spoofed.
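
Browsers that implement Fetch Metadata send the request headers Sec-Fetch-Dest and Sec-Fetch-Site, which PHP exposes as $_SERVER['HTTP_SEC_FETCH_DEST'] and $_SERVER['HTTP_SEC_FETCH_SITE']. The following is an added example, not code from the question or the answer; the function name framing_context() and the sample requests are constructed for illustration. Like the Referer, these headers are supplied by the client, so the result suits choosing which content to show, not enforcing access.

```php
<?php
declare(strict_types=1);

/**
 * Classify how the browser reports this request was made.
 * Returns 'cross-origin-frame', 'same-origin-frame', 'not-framed' or 'unknown'.
 * $server is normally $_SERVER; it is a parameter so constructed input can be used.
 */
function framing_context(array $server): string
{
    $dest = strtolower(trim((string)($server['HTTP_SEC_FETCH_DEST'] ?? '')));
    $site = strtolower(trim((string)($server['HTTP_SEC_FETCH_SITE'] ?? '')));

    // Headers are absent on older browsers, plain-HTTP requests and most non-browser clients.
    if ($dest === '' || $site === '') {
        return 'unknown';
    }
    // Destinations that mean "loaded as nested content inside another document".
    if (!in_array($dest, ['iframe', 'frame', 'embed', 'object'], true)) {
        return 'not-framed';
    }
    // 'same-site' (e.g. a sibling subdomain) and 'cross-site' both mean a different host.
    return $site === 'same-origin' ? 'same-origin-frame' : 'cross-origin-frame';
}

// Constructed sample requests (not captured traffic).
$samples = [
    'iframe on another host' => [
        'HTTP_HOST' => 'app.example', 'HTTP_REFERER' => 'https://other.example/',
        'HTTP_SEC_FETCH_DEST' => 'iframe', 'HTTP_SEC_FETCH_SITE' => 'cross-site',
    ],
    // Same Referer mismatch as above, but a link click: the case the Referer test cannot separate.
    'link followed from another host' => [
        'HTTP_HOST' => 'app.example', 'HTTP_REFERER' => 'https://other.example/',
        'HTTP_SEC_FETCH_DEST' => 'document', 'HTTP_SEC_FETCH_SITE' => 'cross-site',
    ],
    'iframe on the same origin' => [
        'HTTP_HOST' => 'app.example',
        'HTTP_SEC_FETCH_DEST' => 'iframe', 'HTTP_SEC_FETCH_SITE' => 'same-origin',
    ],
    'client without Fetch Metadata' => [
        'HTTP_HOST' => 'app.example', 'HTTP_REFERER' => 'https://other.example/',
    ],
];

foreach ($samples as $label => $server) {
    printf("%-34s %s\n", $label, framing_context($server));
}
```

If the goal is to stop other hosts from framing the page at all, the response header Content-Security-Policy: frame-ancestors 'self' is enforced by the browser and does not depend on any detection in the script.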

Licensed under: CC-BY-SA with attribution