There is a site page. It has a block with a cap, below there is an iframe. The frame loads the main page of different sites.

The iframe code itself looks like this:

<iframe src="<?= $_GET['linkdemopage'];?>" frameborder="0" allowfullscreen></iframe>

In <?= $_GET['linkdemopage'];?> Accordingly, a link to another site comes.

With a successful download, the page loads, not all sites. Most pages look like this: enter image description here

    1 answer 1

    If the site will return the title:

     x-frame-options SAMEORIGIN

    That site will not be displayed in the iframe.

    Title options:

    deny does not load the page at all.

    sameorigin does not load if the source does not match.

    allow-from: DOMAIN, you can specify the domain from which the page can be loaded into the frame.

    For example, this is done through htaccess (if Apache) and mn .:

     <IfModule mod_headers.c> Header always append X-Frame-Options SAMEORIGIN </IfModule>

    Specifically, ru.stackoverflow.com returns the following header:

    enter image description here

    • @AlexanderSemikashev I understand correctly that downloading all sites does not work and the reason for this is the headlines, right? - Kyper
    • one
      @Kyper Yes, you correctly understood, the site returns the title with the ban on display in the iframe. It seems like there are workarounds, but I was not interested in them. - Alexander Semikashev
    • @Kyper BUT, I note that if the site returns such a title, the site will not be displayed in the Yandex metrics web viewer. That is, even in Yandex, no action is taken. - Alexander Semikashev