Zapof Forms protects your IFRAME from Clickjacking attack. Without the Clickjacking protection, the attacker can embed your form into the attacker's site and add a transparency layer on top of the form. If the user clicks the submit button, she/he may click on a layer that belongs to the attacker. The attacker "hijacks" the clicks meant for the form and route them to another page. Zapof Forms will only display the form on your website when you provide the domain name of your website that serves the webpage where you embed the IFrame.
To embed a form as an IFRAME to your website:
While you are editing the form, click the ‘Share’ button.
Enter the domain name of your website (without https) such as www.example.com.
- If your website also uses naked domain, such as example.com, please enter both domains with and without www.
- If you use sub-domains to serve the web pages where the IFrame is, include all sub-domains separated with commas, such as www.example.com, example.com, one.example.com, two.example.com
- If your website is non-secure (http), include the http protocol, such as http://www.example.com