Iframe checker tools,
compared.
We make an iframe checker, so this is not an unbiased comparison — but it is honest. Five ways to inspect the iframes on a webpage, what each is good at, what each is missing, and which to pick for which job. (Spoiler: most casual checks belong in DevTools; most repeated audits belong in an extension; one-off security work belongs in a custom script.)
The five options
1. DevTools Elements panel
Open DevTools, switch to Elements, search (Ctrl/Cmd + F) for iframe. The tree shows every iframe in the DOM. Hovering one highlights the element on the page; right-click for additional actions.
Good at: understanding the structural relationship between iframes and their parents, jumping straight to a frame to inspect attributes. Bad at: giving you a flat list, classifying origins, telling you which frames are hidden or which are trackers, exporting anything.
2. DevTools Console snippets
The one-liner everyone knows:
document.querySelectorAll('iframe')And the enriched version that returns size, origin, visibility:
Array.from(document.querySelectorAll('iframe')).map(f => ({
src: f.src || '(blank)',
size: `${f.offsetWidth}x${f.offsetHeight}`,
visible: f.offsetParent !== null && f.offsetWidth > 0,
sandbox: f.getAttribute('sandbox'),
}));Good at: precision, scripting, transferring to your own automation. Bad at: the friction of pasting on every new site, plus you have to maintain the snippets yourself. See the dedicated how-to guide for more recipes.
3. Iframe Detector (our extension)
The reason this page exists. One click on the toolbar icon and the popup shows every iframe on the active tab — sources, sizes, visibility flags, sandbox attributes, same/cross/ad/tracker classification, in-page highlight overlay, export to JSON / CSV / Markdown. Watches the DOM with a MutationObserver so frames added after page load are included.
Good at: being one click. The lowest friction option for repeated audits. Bad at:automation (it's a UI tool — for scripted pipelines you want the console approach below).
4. Wappalyzer, Ghostery, Privacy Badger
These are different products solving adjacent problems. Wappalyzer tells you what technology stack a page uses (React, GTM, Stripe, HubSpot). Ghostery and Privacy Badger detect and block third-party trackers. Neither gives you a flat list of every iframe on the page with sizes and visibility.
Good at: their actual job. Bad at: iframe-specific auditing, because that is not what they do.
5. Custom MutationObserver script
If you are building an audit pipeline that runs against many pages programmatically — for example, a continuous integration step that flags new tracker iframes on your marketing site — you write your own observer. The skeleton:
const seen = new Set();
const record = f => seen.add({ src: f.src, size: `${f.offsetWidth}x${f.offsetHeight}` });
document.querySelectorAll('iframe').forEach(record);
new MutationObserver(records => {
for (const r of records) {
for (const n of r.addedNodes) {
if (!(n instanceof HTMLElement)) continue;
if (n.tagName === 'IFRAME') record(n);
n.querySelectorAll?.('iframe').forEach(record);
}
}
}).observe(document.body, { childList: true, subtree: true });Good at: automation, integration into CI, custom logic. Bad at: day-to-day human use — too much friction to wire up just to poke at a single page.
Side-by-side comparison
| Capability | DevTools Elements | DevTools Console | Iframe Detector | Wappalyzer / Ghostery | Custom MutationObserver |
|---|---|---|---|---|---|
| Lists every iframe on the page | PartialDOM tree, you have to dig | YesquerySelectorAll('iframe') | YesOne click in popup | NoNot what it does | YesIf you wire it up |
| Counts hidden / 1×1 / off-screen frames | NoNot surfaced | PartialNeeds an extra filter | YesExplicit HIDDEN badge | NoNo | PartialNeeds explicit checks |
| Origin classification (same / cross / ad / tracker) | NoSource URL only | PartialYou write the heuristic | YesBuilt-in classifier | PartialDifferent problem | PartialYou ship the lists |
| Highlights frames on the page | PartialHover in Elements panel | NoNo | YesIn-page overlay toggle | NoNo | PartialYou write the CSS |
| Export (JSON / CSV / Markdown) | NoNo | Partialconsole.table → copy | YesAll three, one click | NoNo | PartialJSON.stringify only |
| Watches for late-loaded iframes | PartialTree updates live | NoStatic NodeList | YesMutationObserver inside | NoNo | YesThat is its job |
| Works across multiple pages | YesRe-open per page | YesRe-paste per page | YesOne click per tab | YesAlways on | YesIf you load it everywhere |
| Friction per use | PartialOpen DevTools each time | PartialPaste script | YesOne toolbar click | YesPassive | NoMaintain the script |
| Privacy (does the tool itself send your data anywhere?) | YesLocal | YesLocal | YesAnonymous events only — no URLs | PartialVendor-specific | YesYours to define |
| Free | YesShips with browser | YesBuilt-in | YesFree, MIT | PartialFree tier; paid plans | YesYour time |
Which to pick
- You are debugging one specific frame right now. Open DevTools, find it in Elements, read its attributes. Done.
- You need a flat list and an export. Iframe Detector for a UI; console snippet for a script.
- You audit the same set of sites every week. Iframe Detector — the friction savings dominate.
- You are building automated reporting against many pages. Custom MutationObserver script driven by Playwright or Puppeteer.
- You actually want to block trackers, not just see them. Ghostery, Privacy Badger, or uBlock Origin. Iframe Detector inspects; it does not block.
Frequently asked questions
Free, MIT-licensed, no paid tier, no in-extension upsells, no ads. It sends only anonymous aggregate feature-usage events (which button was clicked) via Google Analytics 4 — no URLs, no iframe contents, no page data. We make it because we like good tools, not because there is a business model.
You can. It is free, ships with the browser, and shows you every iframe in the DOM. What it does not give you: a flat list of iframes (you have to expand the tree), origin classification (same vs cross vs ad vs tracker), explicit hidden-frame flags, copy/export, or any kind of summary. For a one-off check it is enough; for repeated audits it is slow.
Different problem. Those tools classify the technology stack of a page ("this site uses React, GTM, and HubSpot") or block third-party trackers. They do not give you a flat list of every iframe on the page with sizes and visibility, which is what an iframe audit needs. They are good complements, not replacements.
Yes — if you do this once. If you do it on multiple sites every week, the friction of pasting and re-pasting adds up. The extension is, ultimately, the MutationObserver script plus a UI plus export plus origin classification, packaged into one click. Use whichever matches your frequency.
Slightly. On your own site you have the source code and can search for the iframe declarations directly — useful, but does not catch late-loaded frames added by scripts. On a third-party site you only have the runtime DOM, which means an iframe-listing tool is your only option. The recommendations above lean towards runtime tools for both, because runtime is what users actually see.