I want to identify if a PHP script is being called inside an iframe of a different host. I could resort to using Javascript for that, but I'd like to find a JS-free solution first.
Right now I'm using this logic:
If $_SERVER['HTTP_HOST']
is not equal to the host name of $_SERVER['HTTP_REFERER']
And $_SERVER['REDIRECT_STATUS']
is defined
Then the script is being called from inside an iframe on a different host.
I know this is by no means accurate, but it passed all tests so far.
Does somebody know a better solution, an extra condition I could check to be sure of this?
Thanks.
SOLVED:
Finally, I decided to go with JS. Now the two alternative contents are each inside a <div>
and a JS script decides which one to show and which one to hide.