STAAH

Having a safe secured website and creating trust for your guest is extremely important especially when you have a booking engine.


Consumers have been warned for years about the potential danger of compromised payment card readers. Now, a recently uncovered threat called formjacking is basically doing the same thing, only it is happening when you enter your payment details on a website. By inserting malicious code into the site, cyberthieves can swoop in and steal your card number, security code, zip code, and much more.

Websites having Iframes can cause the above threat. Here are four main reasons why we strongly suggest not to use booking engines with an iframe:

1. Security Risks

Iframes bring security risks and site becomes vulnerable to cross-site attacks. This vulnerability is called formjacking.  Formjacking is a term we use to describe the use of malicious JavaScript code to steal credit card details and other information from payment forms on the checkout web pages of e-commerce sites. You may get a submittable malicious web form, phishing your users’ personal data.

2. Usability Issues 

The iframe tag is notorious for creating usability annoyances. Often it tends to break the browsers’ “Back” button or confuses visually impaired visitors, using screen readers Or suddenly opening the iframe content in a new browser window.

3. Iframes Cause SEO Problems

SEO these days play a very crucial role in getting you visible out there on search engines. However, having iframes on your website/booking engine it may affect on your search engine optimisation. Google also recommends refraining from creating iframes. Iframes can cause problems for search engines because they don’t correspond to the conceptual model of the web.

4. Stealing Personal Detail Threat

 As a property, you would not want any of your guest to complain of having their personal details stolen. Having a secured website and booking engine creates trust. Iframes often cause hackers to collect information, such as payment card details and the user’s name and address.

How to rectify it?

Simply contact your web developer to remove iframe code or apply direct booking engine link to open in a new tab.

We strongly advise you to stay away from using the iframe tags, as STAAH takes security seriously and helping clients get rid of any form of risk is our job to notify them.

STAAH Clients

STAAH will no longer be supporting websites with iframes from 13th May 2019 onwards. We suggest all our clients to stop using iframe tags.


For any further queries or maintaining domain branding, feel free to contact support@staah.com

This article was originally published by STAAH. For more hotelier tips, trends, and news please click here.


Logos, product and company names mentioned are the property of their respective owners.