Why Are Website Forms in the <iframe> Tags Considered Suspicious?


In order to protect any website form the data sent by visitors must be transferred to the website where the CleanTalk Anti-Spam is installed. Any embedded content with forms that accept data from visitors most likely sends its traffic to the third-party servers bypassing the website backend the form is embedded on, which means the CleanTalk Anti-Spam can not see that transferring data and therefore can not filter it.

That's the reason why the CleanTalk Anti-Spam does not protect website forms embedded with <iframe> tags.

Please, take a look at the schemes below for a better understanding.


Scheme 1

CleanTalk scheme non-iframe form


Scheme 2

CleanTalk scheme iframe form


We recommend using other plugins for creating non-iframe website forms. The full list of such plugins that are supported by CleanTalk is here:



Moreover, the <iframe> tags might be used to confuse visitors and steal their data. The details are here in our blog post:




If you haven't found the answer to your question, please, contact our support team:




Was this information helpful?

Copied to clipboard