To prevent an iframe from adding entries to the browser's history, you can use the `sandbox` attribute with the `allow-same-origin` value. The `sandbox` attribute allows you to restrict various features of an iframe, including its ability to navigate and modify the browser's history.
When the `allow-same-origin` value is present, the iframe can still interact with its own origin (the same domain as the parent page), but it cannot create new history entries when the content within the iframe changes.
Here's an example of how to use the `sandbox` attribute in an iframe:
```html
<!-- Parent page with the iframe -->
<!DOCTYPE html>
<html>
<head>
  <title>Parent Page</title>
</head>
<body>
  <!-- Add sandbox attribute to prevent history manipulation -->
  <iframe src="https://example.com/your-iframe-page" sandbox="allow-same-origin"></iframe>
</body>
</html>
```
In this example, the iframe will load the page from `https://example.com/your-iframe-page`, and it won't be able to create new entries in the browser's history when its content changes.
Please note that using the `sandbox` attribute may restrict other features of the iframe as well, depending on the additional values you provide. Always consider the security implications of embedding external content in an iframe and use the `sandbox` attribute carefully. If you need more fine-grained control over the iframe's behavior, you can use the `Content-Security-Policy` header on the server-side to specify the allowed behaviors for the iframe.
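
To make the note about restricted features concrete, here is an added example (not part of the original page) that audits a `sandbox` value: it lists which keywords the frame is and is not granted, flags combinations worth reviewing, and builds the matching `Content-Security-Policy: sandbox` header. The helper name `auditSandbox`, the warning wording and the second sample value are assumptions made for illustration; the keyword list is the one the HTML standard defines.

```javascript
// Added example: audit an iframe sandbox attribute value (not from the original page).
// Keyword list as defined for the sandbox attribute in the HTML standard.
const SANDBOX_KEYWORDS = [
  "allow-downloads", "allow-forms", "allow-modals", "allow-orientation-lock",
  "allow-pointer-lock", "allow-popups", "allow-popups-to-escape-sandbox",
  "allow-presentation", "allow-same-origin", "allow-scripts",
  "allow-top-navigation", "allow-top-navigation-by-user-activation",
  "allow-top-navigation-to-custom-protocols",
];

// auditSandbox is a hypothetical helper name. Pass null when the attribute is absent.
function auditSandbox(value) {
  if (value === null || value === undefined) {
    return { sandboxed: false, granted: [], notGranted: [], unknown: [],
             warnings: ["no sandbox attribute: the frame is not restricted"], csp: null };
  }
  // Tokens are separated by ASCII whitespace and matched case-insensitively.
  const tokens = [...new Set(value.toLowerCase().split(/[ \t\n\f\r]+/).filter(Boolean))];
  const granted = tokens.filter((t) => SANDBOX_KEYWORDS.includes(t));
  const unknown = tokens.filter((t) => !SANDBOX_KEYWORDS.includes(t));
  const notGranted = SANDBOX_KEYWORDS.filter((k) => !granted.includes(k));
  const has = (k) => granted.includes(k);

  const warnings = [];
  if (has("allow-scripts") && has("allow-same-origin")) {
    warnings.push("allow-scripts with allow-same-origin: if the framed page shares " +
                  "the parent's origin, its script can remove the sandbox attribute");
  }
  if (has("allow-top-navigation")) {
    warnings.push("allow-top-navigation: the frame can navigate the top-level page");
  }
  if (has("allow-popups-to-escape-sandbox")) {
    warnings.push("allow-popups-to-escape-sandbox: popups open without the sandbox");
  }
  if (unknown.length > 0) {
    warnings.push("unrecognised tokens are ignored by the browser: " + unknown.join(", "));
  }
  // Equivalent policy the framed page's server could send for itself.
  const csp = "Content-Security-Policy: " + ["sandbox", ...granted].join(" ");
  return { sandboxed: true, granted, notGranted, unknown, warnings, csp };
}

// The value used in the page's example, plus a constructed value for comparison.
for (const v of ["allow-same-origin", "Allow-Scripts allow-same-origin allow-foo"]) {
  console.log(JSON.stringify(auditSandbox(v), null, 2));
}
```

For the page's own value, `allow-same-origin`, the audit shows that scripts, forms, popups and top-level navigation all stay blocked, which is the kind of side effect the note above refers to.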