Forum Discussion
samstep
Aug 14, 2018Cirrocumulus
This is not easy as only the browser knows if a website is rendered in an iframe of a full window.
One way of getting that information is to use CSP (Content Security Policy) in Report-Only mode with the equivalent setting of X-FRAME-OPTIONS header and send reports to a CSP reporting service such as report-uri.com
Beware that if you find out that people are indeed "framing" your website they are just as likely to be hackers/attackers as legit customers - not quite sure how you would distinguish between them.