How To Allow DDOS Protection Check Through Iframe?


I allow site B to use portions of my content through iframe. When in under attack mode, iframe’s on site B display a blank frame. However if I visit site A, go through Cloudflare verification check, then go back to site B, iframes will indeed work.

How do I enable site B so cloudflare can verify the user through iframe?

Do this make site A any less secure?

Thank you.


When you visit Site A, then back to Site B, you’ve already set the cookie on your Site A visit, so the iframe will work on Site B.

Seeing how the iframe is called from the visitor’s browser, I don’t see an easy way to get around this. If it’s just one particular page on Site A that’s being framed, you could add a Page Rule to turn off Under Attack mode for that one URL.


Thanks SDayMan. I’ve seen the verification check being done in an iframe before but can’t provide a working example at the moment. :confused: Could there be an xframe options setting I could put. I’m going to try to read of that again.

closed #4

This topic was automatically closed after 14 days. New replies are no longer allowed.