Why Are Website Forms in the <iframe> Tags Considered Suspicious?

In order to protect any website form the data sent by visitors must be transferred to the website where the CleanTalk Anti-Spam is installed. Any embedded content with forms that accept data from visitors most likely sends its traffic to the third-party servers bypassing the website backend the form is embedded on, which means the CleanTalk Anti-Spam can not see that transferring data and therefore can not filter it.

That's the reason why the CleanTalk Anti-Spam does not protect website forms embedded with <iframe> tags.

Please, take a look at the schemes below for a better understanding.

Scheme 1

CleanTalk scheme non-iframe form

Scheme 2

CleanTalk scheme iframe form

We recommend using other plugins for creating non-iframe website forms. The full list of such plugins that are supported by CleanTalk is here:

https://cleantalk.org/help/anti-spam-integrations

Moreover, the <iframe> tags might be used to confuse visitors and steal their data. The details are here in our blog post:

https://blog.cleantalk.org/exotic-http-headers/

If you haven't found the answer to your question, please, contact our support team:

https://cleantalk.org/my/support/open

Create an account

Your CleanTalk Dashboard