homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Visit PubCon.com
Home / Forums Index / Google / Google SEO News and Discussion
Forum Library, Charter, Moderators: Robert Charlton & aakk9999 & brotherhood of lan & goodroi

Google SEO News and Discussion Forum

This 87 message thread spans 3 pages: 87 ( [1] 2 3 > >     
Google Image Search Busts Frame Busters?

 8:04 pm on Dec 1, 2011 (gmt 0)

Did Google just started busting frame busters? I've double checked my code, but it doesn't work for Google Images now.



 8:24 pm on Dec 1, 2011 (gmt 0)

I'm not seeing this, at least with the version of results I'm seeing. I'm using the following JS code:

if (parent.frames.length > 0) { parent.location.href = location.href; }

 8:29 pm on Dec 1, 2011 (gmt 0)

Mine works fine. I use an onload event

<body onLoad="init();breakout_of_frame();">

here's the script:

function breakout_of_frame()

if (top.location != location) {
top.location.href = document.location.href ;


 9:16 pm on Dec 2, 2011 (gmt 0)

My code is;


and it doesn't work for Google Image using webkit browsers. I've tried Safari/Chrome on Lion and Chrome on Vista. I've also tried your methods and no luck. It does work for bing image search on same browser, but not for Google image search.

And just to make sure, I've changed it to;


and it worked for bing, not for google (Chrome 15.0.874.121 m on Windows, Safari 5.1.2 on Mac, Chrome 15.0.874.121 on Mac)

Firefox/IE seems to be fine.


 10:01 pm on Dec 2, 2011 (gmt 0)

I'm Glad you brought this up, google image search traffic went down 50% from 1-dec, and I was wondering why... I'm using

if (top.location != self.location) {

and it doesn't work anymore for G. Although it works for Bing.


 10:14 pm on Dec 2, 2011 (gmt 0)

Any idea on how to replace the original image(one that shows up in the preview) with another one that is smaller in size. I have large images, and it takes long for them to load in that relatively small frame. I did research before placing the code, and remember well G saying that as long as the image brings users to the page where it is they have no problem with frame busing :(


 3:35 am on Dec 3, 2011 (gmt 0)

Well, apparently Google Image started iframing using "sandbox" - an HTML5 attribute, which disables scripts on the page.


 5:39 am on Dec 3, 2011 (gmt 0)

Ok, now they use sandbox allow-top-navigation flag, which allows the frame to navigate inside the iframe only.

Although this still varies depending on what browser and which country level G you use.


 12:01 pm on Dec 3, 2011 (gmt 0)

I was using something a tad more sophisticated to thwart proxy sites that were stripping the common frame busting code and a few other cases where the traditional frame busting failed.

if ( top.location.href.substr(0,mydomain.length) != mydomain ) { eval( "top." + "location.href" + "= '" + mydomain + "';" ); }

This no longer works in Google...

Back to the old drawing board!

I had a solution for Yahoo! back in the day, it was server side and nasty, maybe I'll use that on Google.


 12:27 pm on Dec 3, 2011 (gmt 0)

Why don't you use the HTTP headers from the server end

the modern browsers should support it.

Or you're desperate to use the javascript breakout and the endless frame counter-buster game?


 12:41 pm on Dec 3, 2011 (gmt 0)

I use...

<script type="text/javascript">
if (top!= self) top.location.replace(self.location.href);

And it still works with Google using IE6 and Firefox 8.0


 1:49 pm on Dec 3, 2011 (gmt 0)

X-Frame-Options would just show a blank page, it won't bust the frame.

Google disables javascript on browsers that support sandbox, so none of the script based solutions work.

BTW, frame buster also doesn't work on iPad.


 1:52 pm on Dec 3, 2011 (gmt 0)

X-Frame-Options would just show a blank page, it won't bust the frame.

Yes I know what's your objective? To restrict access from outside the domain or to try and pull-in the visitors to your domain? The js path is a cat and mouse game.


 10:24 am on Dec 6, 2011 (gmt 0)

we need better code, which should work in all major browsers.

i am wondering, if this will be possible by putting some directive from server side as javascript is disabled by sandbox directive of HTML5 ?


 11:17 am on Dec 6, 2011 (gmt 0)

Hrmm. I see what you all mean. Google Chrome is affected but Firefox isn't yet (at least the versions I have installed). At the moment, I haven't figured out a server-side way of breaking out of the frames. I'm working on it and if I figure out something, I'll be sure to post back here!

If Google wants to serve my content without giving any benefit to me for producing it, it looks like I might pull the plug on Googlebot-image (again).

The js path is a cat and mouse game.

Except that mouse is now 6 feet under, forever.


 1:33 pm on Dec 6, 2011 (gmt 0)

Only Firefox is not following the Sandbox directive and one can redirect using JS.

But, if server side thing is done, it won't be browser dependent (not sure if it will be possible).


 7:08 pm on Dec 6, 2011 (gmt 0)

incrediBILL, would you mind sharing your server-side solution, at least the general idea? I'm having trouble figuring out how that would work. You could check the referrer in .htaccess and redirect if the visitor is referred by Google Images, but that would just redirect within the iframe which is no help.

How do you redirect the parent window from the server side? Is there a way to trick the browser into executing a bit of JS despite the sandbox tag?


 8:11 pm on Dec 6, 2011 (gmt 0)

The only redirection that works, on client side, is meta refresh, but you can't set a target and you can't break the iframe. I've tried

<meta http-equiv="Window-Target" content="_top">
<meta http-equiv="Refresh" content="1; url=http://...">

and sending Window-Target header, but none worked.


 10:17 pm on Dec 6, 2011 (gmt 0)

levo, it doesn't work. Just like a server-side 301 doesn't work: it redirects to whatever you want within the same frame you're trying to break out of. Completely useless.

I would suggest completely blocking Googlebot-image via robots.txt, but if you already have scrapers up your bottom, I'd suggest you continue to allow Google unless your bandwidth costs are too high.

I blocked Google-image for 3 month from what I used to rank for. Mostly Indian sites were then ranking for stolen images that were MINE. I have subsequently relisted my images and gained back almost 70% of my old rankings. Unfortunately, most of those rankings are useless to me because these images are supported by ads. If I don't have this miniscule portion of of ad income, I can no longer afford to setup interviews or buy a couple of beers and setup an interview for the celebrities from my country. If I can no longer afford to produce more content of this nature, then the scrapers Google relies on for content will also no longer be able to produce content, making Google completely stale.

If you think that isn't so bad, people like us will no longer be able to provide content to the likes of Wikipedia. 17 of the 87 pages of one section of my site 'provide' content to Wikipedia. Is that fair us? I digress.

If the thieves from Wikipedia get a pass, and now even Google itself are permitting and essentially facilitating the theft of content, then the Internet that we know is over and some kind of revolt is in order.


 10:44 pm on Dec 6, 2011 (gmt 0)

There is a HTTP header to stop your site being framed called the X-Frame-Options. Not sure if that will stop it for images though.

Browsers that support it
•Firefox with the NoScript add-on

Also an interesting article about frame busting here by a group at Stanford University. [seclab.stanford.edu...] (PDF 1,106KB)

[edited by: Dijkgraaf at 10:55 pm (utc) on Dec 6, 2011]


 10:55 pm on Dec 6, 2011 (gmt 0)

"There is an* HTTP header" to stop this kind of thing. As was already mentioned, an X-Frame-Options option has been discussed.

The Stanford link is dated and only vaguely relevant. Thanks for your contribution. Unfortunately it does not help anyobody here :(


 11:16 pm on Dec 6, 2011 (gmt 0)

Why would they do such a thing, if a webmaster dont get its visits, of cause we then block google image, why should we allow them to steal our images. Today I have noticed even more visits from Bing image.

One more thing I dont see this happen to my sites, my still breaks the frame and why would google not have that, issent it a search engine where people can find other sites.


 11:38 pm on Dec 6, 2011 (gmt 0)

The reason why anyone using an iframe for another site would implement the sandbox attribute is to prevent others from executing a malicious script - that's why the sandbox attribute was created and that's also why browser makers support it.

It does have this other nasty effect, however, of essentially stealing a site's intellectual property. The only way the inage owner gets traffic to their site now is if the user clicks on the image from the search page, then clicks on the [x] to close the pop-up box and reveal the original website page. That's not going to happen very often.


 4:11 pm on Dec 7, 2011 (gmt 0)

The trouble with the X-FRAME-OPTIONS header is that, as I understand it, it just prevents page from being framed. That's fine, but what you really want with Google Image Search is to redirect to your page, not block it from being framed. If you want out of Google Images completely you can just block the image bot.

Admittedly this sort of defeats Google's purpose in framing the content in the first place, but that's kind of the point. From a content provider perspective, it's not a very good purpose, in that it amounts to stealing your content and displaying it on their site.

At this point I'm tempted to opt out. Image search has never been a very good source of quality traffic anyway, and now it's pretty much useless.

The only other option I can think of would be to serve a different image to the image bot with a watermark of some kind including the URL of the page with the original, something along the lines of "to get this image without this text on it, go to www.example.com/image.html".


 4:35 pm on Dec 7, 2011 (gmt 0)

The only other option I can think of would be to serve a different image to the image bot

If you need to advertise the images yes that's the next logical option. Other vendors do just that they use a thumbnail so they don't waste many resources and in case of thumbs you don't care so much because you're the holder of the original full quality image. If they copy just the thumb I believe it helps you.


 8:52 pm on Dec 7, 2011 (gmt 0)

Your phrasing is ambiguous. Are you trying to block Google Image Search (GIS) framing your site? Are you trying to ensure that Googlebot sees your images despite your framebusting? Are you trying to block image thieves without blocking Googlebot?

If you want to ensure that Googlebot sees your images, your server could test for Googlebot and emit slightly different pages to Googlebot. Such as omitting Javascript which would otherwise block a bot (yes, I know Googlebot knows some JS), or feeding Googlebot thumbnails/low-resolution instead of a full 5MB image. I don't think Google's wording currently forbids such actions which don't affect the experience of a real user, although I'd rather feed the full resolution image to Googlebot so it can tell searchers that my site has the good stuff. (I've done similar things, such as feeding a text-only version of a page to Googlebot rather than the more popular frames-within-frames version which would be hard for Googlebot to do text parsing in.)


 9:12 pm on Dec 7, 2011 (gmt 0)

Add the following code in HEAD section:-

<script type="text/javascript">
if(top!= self) {
document.write ("<form name=fb action='http://www.webmasterworld.com/' target=_parent>");
document.write ("</form>");
document.fb.submit ();

Replace webmasterworld.com with your site :)

Please let me know, if it works.


 11:47 pm on Dec 7, 2011 (gmt 0)

does not work in chrome, next :D

and thanks for your help


 1:59 am on Dec 8, 2011 (gmt 0)

This is the one I use. Works with Google, Bing. With !Y it does not bust the frame unless, you click the image. Works on iPad.

<script language="JavaScript" type="text/javascript">
if (top.frames.length!=0)

Also an interesting article about frame busting here by a group at Stanford University. [seclab.stanford.edu...] (PDF 1,106KB)

That is where I got my frame buster from. Good article and good read.

Perhaps someone else cares to test it further see if it works on other browsers or devices. Chrome, etc.


 5:49 am on Dec 8, 2011 (gmt 0)

The two fundamental problems here are:

1) You cannot run a script in a sandboxed frame in Chrome (probably other browsers to follow) - so none of the deframing methods that we currently use will work. (note that adsense doesn't display behind an image etc)

2) Google hotlinks to full size images making us bare the costs of display our images out of context - and frame-breaking scripts will gradually diminish in effectiveness.

I don't know the click-through rate from google images to pages, but I thinks it's low (~10%) and image thieves have already dragged and dropped your image onto their desktop for use in whatever... note that any image protection (except watermarking) you may use is also circumvented by google images.

So we have a number of choices that we will eventually have to take;

1) Ban google from our images.

2) Use our webservers to stop hotlinked images (technical solution)

3) Class action against google for copyright infringement - as their current usage is not fair use by any stretch of the law... (wishful thinking here...)

4) Attempt to get the media to report on this unfair behaviour... but from the perspective of a user who wants an image to use on a blog or homework assignment - the current interface makes it easier, so it's popular.

A number of us have been warning about this for a while...

Jan 30th 2010 - [webmasterworld.com...] - I first saw the current interface in Asia

Jul 19th 2010 - [webmasterworld.com...] - around this time the new interface was released globally

This 87 message thread spans 3 pages: 87 ( [1] 2 3 > >
Global Options:
 top home search open messages active posts  

Home / Forums Index / Google / Google SEO News and Discussion
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved