To prevent an iframe from adding entries to the browser's history, you can use the sandbox attribute with the allow-same-origin value. The sandbox attribute allows you to restrict various features of an iframe, including its ability to navigate and modify the browser's history. When the allow-same-origin value is present, the iframe can still interact with its own origin (the same domain as the parent page), but it cannot create new history entries when the content within the iframe changes.
Here's an example of how to use the sandbox attribute in an iframe:
```html
<!-- Parent page with the iframe -->
<html>
  <head>
    <title>Parent Page</title>
  </head>
  <body>
    <!-- Add sandbox attribute to prevent history manipulation -->
    <iframe src="https://example.com/your-iframe-page" sandbox="allow-same-origin"></iframe>
  </body>
</html>
```
In this example, the iframe will load the page from https://example.com/your-iframe-page, and it won't be able to create new entries in the browser's history when its content changes.
Please note that using the sandbox attribute may restrict other features of the iframe as well, depending on the additional values you provide. Always consider the security implications of embedding external content in an iframe and use the sandbox attribute carefully. If you need more fine-grained control over the iframe's behavior, you can use the Content-Security-Policy header on the server side to specify the allowed behaviors for the iframe.
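One way to act on this caution, as an added example that is not part of the original text: a small Node.js lint that reads the sandbox tokens of each iframe in a page and flags the combinations that weaken the sandbox. The function names, finding labels and sample markup are assumptions made for the illustration; the token list is the set of sandbox keywords in the HTML Standard at the time of writing.

```javascript
// Added example: lint the sandbox attribute of each <iframe> in an HTML string.
// Regex-based tag scan for illustration (a value containing ">" would confuse it).
const KNOWN = new Set(["allow-downloads", "allow-forms", "allow-modals",
  "allow-orientation-lock", "allow-pointer-lock", "allow-popups",
  "allow-popups-to-escape-sandbox", "allow-presentation", "allow-same-origin",
  "allow-scripts", "allow-top-navigation",
  "allow-top-navigation-by-user-activation",
  "allow-top-navigation-to-custom-protocols"]);

// Parse the attributes of one start tag; as in HTML, the first duplicate wins.
function parseAttrs(tag) {
  const attrs = new Map();
  const body = tag.replace(/^<iframe/i, "").replace(/\/?>$/, "");
  const re = /([^\s"'=\/]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"']+)))?/g;
  for (const m of body.matchAll(re)) {
    const name = m[1].toLowerCase();
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

function auditIframes(html) {
  return [...html.matchAll(/<iframe\b[^>]*>/gi)].map(([tag]) => {
    const attrs = parseAttrs(tag);
    const findings = [];
    let tokens = null; // null means the frame is not sandboxed at all
    if (!attrs.has("sandbox")) {
      findings.push("unsandboxed");
    } else {
      tokens = attrs.get("sandbox").toLowerCase().split(/\s+/).filter(Boolean);
      const has = (t) => tokens.includes(t);
      // Same-origin content with both flags can remove its own sandbox attribute.
      if (has("allow-scripts") && has("allow-same-origin")) findings.push("scripts+same-origin");
      if (has("allow-top-navigation")) findings.push("top-navigation");
      // Browsers ignore unknown tokens, so a typo silently grants nothing.
      tokens.filter((t) => !KNOWN.has(t)).forEach((t) => findings.push("unknown:" + t));
    }
    return { src: attrs.get("src") ?? "", tokens, findings };
  });
}

// Constructed sample markup; the first frame is the one from the example above.
const SAMPLE = `
<iframe src="https://example.com/your-iframe-page" sandbox="allow-same-origin"></iframe>
<iframe src="/widget" sandbox="allow-scripts allow-same-origin"></iframe>
<iframe src="https://example.com/ad" sandbox="allow-script allow-top-navigation"></iframe>
<iframe src="https://example.com/legacy"></iframe>`;

for (const r of auditIframes(SAMPLE)) console.log(r.src, r.tokens, r.findings);
```

An empty findings list only means none of these specific checks fired; a bare sandbox attribute with no tokens is the most restrictive setting and also reports no findings.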