How to Break a Framed Redirect



Framed redirects are one of my biggest pet peeves on the web. You click on a link to visit a site, the site loads, and the URL in your address bar is different than what it should be.

Technically, a framed redirect works by loading a hidden framed page on top of a second framed page which displays the target content.

Imagine clicking on a link for Amazon, pulling up the Amazon website, but seeing the URL amazonblackhataffiliate.com in your address bar. You would be able to browse the entire Amazon site, make purchases, etc. but the URL in the browser bar would always display amazonblackhataffiliate.com. This is the experience of surfing a site through a framed redirect.

As a publisher this can be very frustrating. For starters, while your website is being viewed, some other URL is displayed in the address bar. Not only can this confuse visitors, but it can also rob you of valuable links.

To make matters worse, if you have secure pages and the hidden frame is not secure, the visitor will not see the secure icon activated in their browser. This may lead your visitors to believe that your conversion process is not secure.

In my opinion, from a publisher’s point of view framed redirects are just bad news.

Recently a coworker of mine (Phil Molter) came up with a little snippet of javascript which essentially breaks framed redirects. The code has been tested across multiple browser versions and as of the time of this posting didn’t cause any errors. The script works by stopping framed redirects when the page loads by forcing the page to reload without the hidden frame.

The end result is that the visitor sees the correct URL in the address bar and the hidden frame is gone.

Break Framed Redirects

There are a lot of tutorials showing how to create framed redirects for various purposes, but I wanted to share this little bit of knowledge with other publishers to help them keep sketchy webmasters from hijacking their customers’ address bars. Good luck!

  • http://chasinggoogle.blogspot.com/ Mobile guy

    This is a old trick to jump out from the frame, I’ve been using it almost 10 years ago.

  • http://www.giganews.com David Vogelpohl

    New to me :)

    We couldn’t find any good examples when we originally searched for a solution. This was modified off of something similar others were trying with less success.

  • http://www.exposedseo.com SEO guy

    In most cases they are cookie stuffing you and don’t actually want anyone to see a tiny frame in their websites. If affiliates would crack down on this, those sites will disappear naturally.

  • http://www.giganews.com David Vogelpohl

    Yeah, the elephant in the room on all this is the affiliate abuse going on behind the scenes. Most of the articles out there on framed redirects are instructions on how to use them to scam affiliate cookies in one way or the other.

  • http://www.gadgets4nowt.co.uk PS3

    I’m sure the affiliates would come out and publicly condemn hidden frames, whilst in the background rubbing their hands at the amount of commission those are earning them.

    That is a new bit of Javascript to me. I just wonder how visitor will feel when they see a page reloading and a new url in the address bar?

  • http://www.goodnightmoonfuton.com Futon-Matt

    I’ve never heard of this one before, thanks for the informative posts.

  • http://www.thevanblog.com Steven Bradley

    Nice reminder. I’d kind of forgotten about this problem with frames.

  • http://www.trbr.net Seomotion

    I hate Fremed redirects. Thanks for useful tips!

  • http://withheld FFEMT

    I’m with MobileGuy on this one. This trick has been around for a very long time. Might want to brush up on your google skils a little. I googled your code and found a bunch of examples exactly like the you claim Phil up with. A reminder of tricks like this is good, but to claim it’s your own is another.

  • http://www.giganews.com David Vogelpohl

    > Might want to brush up on
    > your google skils a little.

    Actually Phil did find these “old tricks” in various searches. When we tried the original versions of the code it caused security error messages in certain browsers.

    The version presented in this post did not generate those error messages.

    > A reminder of tricks like
    > this is good, but to claim
    > it’s your own is another.

    I’m not sure my post claims that this approach is unique. I just wanted to share a little bit of knowledge for those who didn’t have this in their quiver of development tools. I think if you re-read the post you’ll see what I mean.