Summary

Drupal 8+ has a feature built into core that stops the site from being rendered within an iframe, there are good reasons for this - https://www.drupal.org/node/2514136
But sometimes you want your site in an iframe, so that's what this module does, based on configured paths (whitelist / blacklist).

Requirements

  • None beyond core

Configuration

  • /admin/config/system/allow_iframed_site Enter paths you want to allow or deny iFrames access to.

Similar modules

In contrast to this module, they are typically not path-based, but provide further functionalities. That's the main difference.

Credits

Supporting organizations: 
BlueFusion
Paid time
DROWL.de
proudly helps to maintain this module for the Drupal community

Project information

  • caution Seeking new maintainer
    The current maintainers are looking for new people to take ownership.
  • caution Maintenance fixes only
    Considered feature-complete by its maintainers.
  • Project categories: Security
  • chart icon1,398 sites report using this module
  • Created by andyd328 on , updated
  • shieldStable releases for this project are covered by the security advisory policy.
    Look for the shield icon below.

Releases

3.0.4 Stable release covered by the Drupal Security Team released 28 July 2025
Works with Drupal: ^10.2 || ^11
Install:

Development version: 3.0.x-dev updated 23 Jun 2025 at 08:01 UTC

Using Composer to manage Drupal site dependencies