Trackingcode in iframe target of an external site



I have a website ( where I have a webpage with a piwik tracking code. I want to include this site via iframe on another site (

In several browser I get the below error. Well, I know why (assuming XSS prevention), but I don’t know how to fix it. I want to track the iframe target site.

Error occurs at least in Chrome 17.

Can somebody please help? I know that I can’t get tracking information from the parent of the iframe and I don’t need to. I only want to track the iframe webpage itself.

Unsafe JavaScript attempt to access frame with URL from frame with URL Domains, protocols and ports must match.


(anonymous function)


Hello, I examined the code but still can’t find any solution for this problem. Is there anybody that can help please?

(Matthieu Aubry) #3

To track the iframe you would have to put the JS code inside the iframe.


Hi Matt,

thanks again. Of course the tracking-code (JS) is inside the iframe page. In the above example there is one tracking-code in (regular site) and one tracking-code in (iframe-site). Both sites actually get tracked correctly (in their own piwik installations). The problem is not the tracking itself.

The only problem is the above warning that shows up in Chrome. In Firefox and other browser it’s okay.

Somehow Piwik JS Lib (piwik.js) wants to access information on the parent element of the iframe (which is not allowed).

Edit: I believe it’s windowAlias.parent.document.* what causes the security warning in Chrome. Well, as I said tracking works okay - but I don’t know if in future maybe js-scripts causing this “security violation” will be stopped from executing.

634	                 * Get page referrer
635	                 */
636	                function getReferrer() {
637	                        var referrer = '';
639	                        try {
640	                                referrer =;
641	                        } catch (e) {
642	                                if (windowAlias.parent) {
643	                                        try {
644	                                                referrer = windowAlias.parent.document.referrer;
645	                                        } catch (e2) {
646	                                                referrer = '';
647	                                        }
648	                                }
649	                        }
650	                        if (referrer === '') {
651	                                referrer = documentAlias.referrer;
652	                        }
654	                        return referrer;
655	                }

(Matthieu Aubry) #5

Thanks for the report. can you pelase create a ticket in and we will investigate!


Please see Tracking code in iframe target of an external site triggers warning in Chrome · Issue #3215 · matomo-org/matomo · GitHub