Iframe Detector · Free iframe checker for Chrome

Every iframe on any page.One tap away.

Iframe Detector is a free Chrome extension that checks, detects and highlights every iframe on any page — same-origin, cross-origin, ads, hidden trackers. Copy, inspect, export. Built for developers and QA.

Add to Chrome — free See how ↓

0: URLs tracked
176KB: installed size
3: export formats

What counts

Every iframe, named.

video embed

ad slot · 300×250

payment widget

newsletter signup

social embed

tracking pixel · 1×1 · hidden

Features

Everything you need, nothing you don't.

Instant scan

Checks and counts every iframe, visible or hidden, the moment the tab loads.

Origin breakdown

Color-coded: same-origin, cross-origin, ad slots and trackers.

In-page highlight

Draws a dashed outline around each frame with an origin-tinted badge.

Copy & inspect

One click copies the URL or opens the full <iframe> tag.

Three exports

JSON, CSV, or Markdown — fits whatever tool you use next.

Privacy-first

Anonymous, aggregate-only usage events (e.g. 'popup opened') — no URLs, no page content, no PII.

Three steps.

Install
One click from the Chrome Web Store — no account, no setup.
Scan
Open any page, click the toolbar icon. Check every iframe in the list — visible, hidden, cross-origin.
Ship
Copy a URL, toggle highlights, or export the full list in three formats.

One tool, many jobs.

Ad audit

Check and separate real content from tracking pixels in one glance.

QA checklist

Check every embedded frame — each one is a test surface. See the full set.

Security sweep

Check for hidden iframes, 1×1 pixels, suspicious origins — all flagged instantly.

Export

Three formats. One click.

.json

Structured · full attributes

.csv

Spreadsheet · one row per frame

.md

Markdown · paste into a ticket

Guides · code-first reference

Iframes, explained.

Short, paste-ready answers to the questions developers actually ask about iframes — detecting them, finding hidden ones, sandboxing, lazy-loading, and stopping clickjacking. Every snippet works as-is in DevTools.

Tutorial · Detection

How to detect iframes

Three working ways to find every iframe on a page — a one-liner in DevTools, an enriched audit script, and a one-click extension. With code you can paste right now.

5 min read Security · Audit

Find hidden iframes

The patterns invisible iframes use to hide — display:none, 1×1 pixels, off-screen tricks — and how to surface every single one in seconds.

4 min read Reference · JavaScript

Am I inside an iframe?

The one-line JavaScript check that tells you whether your page is being framed — with the live answer right on this page, the caveats, and how to prevent framing.

3 min read Security · Attack & defense

Clickjacking — and how to stop it

How a transparent iframe can hijack any click. A working proof of concept, the four defense headers that matter, and how to check whether your own site is vulnerable.

6 min read Reference · Sandbox

iframe sandbox attribute

Every sandbox flag, what it allows, what it blocks, and the one combination you should never write. With real recipes for embedding user HTML, payment widgets, and third-party scripts.

7 min read Reference · Quick lookup

iframe cheat sheet

Every iframe attribute, every sandbox flag, every Permissions-Policy feature, every defense header — on one page. Bookmark-it reference, paste-ready snippets, no fluff.

8 min read

See all 9 guides

Questions.

How do I check iframes on a webpage?

Install the free Iframe Detector extension, open any page, and click the toolbar icon. Every iframe — visible, hidden, same-origin, cross-origin — is checked and listed instantly. No account, no setup.

Does it work on any site?

Yes — it reads the DOM of whichever tab is active. No extra permissions beyond the current tab.

Are hidden iframes detected?

Yes. One-pixel trackers, display:none, and visibility:hidden frames all show up and are flagged.

What does "ad / tracker" mean?

A small heuristic flags frames loaded from known ad-tech and analytics domains. You can see the raw origin too.

Is any data sent anywhere?

Only anonymous, aggregate feature-usage events (e.g. which button was clicked). No URLs, no iframe contents, no page data — see the Privacy page.

Can I automate exports?

Yes — the popup exposes JSON, CSV, and Markdown downloads that drop into most audit and ticketing tools directly.

Does it work in incognito?

Toggle "Allow in incognito" from chrome://extensions — the extension keeps the same zero-network stance there.

Ready to see every iframe?

Add to Chrome — free

Enjoying Iframe Detector?

It's free, ad‑free, and built in spare evenings. If it saved you time on a debug session, consider buying me a coffee — it keeps the project moving.

Buy me a coffee