X-Frame-Options
is a response header sent by the server, so have your server perform an HTTP GET on the URL you'd like to test, see if the X-Frame-Options
header is present, and if it is... judging by the spec you're not likely to be allowed to embed it at all.
How to check if the URL is iframe embeddable in PHP?
-
28-06-2022 - |
Question
Some websites are not allowed to be embedded via iframe. They produce the following error:
Refused to display 'https://news.ycombinator.com/news' in a frame because it
set 'X-Frame-Options' to 'DENY'.
Our app allows URL submissions from users. We want to check on the server side if the website could be embedded in iframe and add a corresponding flag. On the client we check for the flag, and either do iframe embed or just provide a direct link to a webpage.
How do I check whether website will support iframe or not?
Solution 2
OTHER TIPS
Try this code:
$url = "http://www.google.com/";
$url_headers = get_headers($url);
foreach ($url_headers as $key => $value)
{
$x_frame_options_deny = strpos(strtolower($url_headers[$key]), strtolower('X-Frame-Options: DENY'));
$x_frame_options_sameorigin = strpos(strtolower($url_headers[$key]), strtolower('X-Frame-Options: SAMEORIGIN'));
$x_frame_options_allow_from = strpos(strtolower($url_headers[$key]), strtolower('X-Frame-Options: ALLOW-FROM'));
if ($x_frame_options_deny !== false || $x_frame_options_sameorigin !== false || $x_frame_options_allow_from !== false)
{
echo 'url prevent iframe!';
}
}
I wrote this function:
function allowEmbed($url) {
$header = @get_headers($url, 1);
// URL okay?
if (!$header || stripos($header[0], '200 ok') === false) return false;
// Check X-Frame-Option
elseif (isset($header['X-Frame-Options']) && (stripos($header['X-Frame-Options'], 'SAMEORIGIN') !== false || stripos($header['X-Frame-Options'], 'deny') !== false)) {
return false;
}
// Everything passed? Return true!
return true;
}
Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow