Change display of URL

I have an 8 page website with no open links back to the root directory.  It will appear soley as a link on a different website>

I want to create a URL mask that will display the host-site URL in the url-address field when each of the 8 pages is open.

I need some very specific instructions for a script that will work with most or all browsers and I need to know precisely where to place the script in each page.

To be clear....I want to place a link to on a web page named
When the visitor clicks on the link in and lands on, the URL displayed in the address bar will be, and all the pages on the 8-page website ( will also display as the URL...a mask!  Not a Short URL!  I don't ever want a visitor top see the url for

Any expert ideas?
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

in your page on use
<iframe src=// />

(I'd never use such a page, for obvious security reason :)
doncalarcoAuthor Commented:
>A hoffman.  thanks for the input. I do appreciate your expert advice, but if I gave you instructions to cook the perfect meal by saying "drop it in the pot and throw int in the oven, I would be useless.

your instruction is suggesting that I "use" on a page that I don't control.

Obvious reasons?  do you care to elaborate?  What obvious reasons?
>  do you care to elaborate?
if the user does not see where the content is from, there is no posibility to control if the content is trustworthy, hence a secure application (secure for the application and the user), any kind of frames should be avoided
there're many attacks around which use hidden elements or even hidden frames (click-jacking and such)

as I'm security paramoid, somehow, I avoid to "use" such pages
that's what I said, had no offence in mind ;-)
Become a Certified Penetration Testing Engineer

This CPTE Certified Penetration Testing Engineer course covers everything you need to know about becoming a Certified Penetration Testing Engineer. Career Path: Professional roles include Ethical Hackers, Security Consultants, System Administrators, and Chief Security Officers.

doncalarcoAuthor Commented:
>ahoffman:  I sincerely appreciate your security paranoia..It helps to know your concern.
This might help:
My client is also security paranoid.  They are a very large US corporation with 1200 field personnel who log in to an "intranet site" every day to post sales reports, and other dutiful reports.

I am an incentive motivation specialist who is managing the communications portion of their "Sales Contest".  I created a site (8 simple pages) where we store photos and text about the hotel trip they will win, information about the island, videos, etc.  Nothing revealing or security exposed.  My URL for the site I created (I have dozens of URLs to chose from) is very simple and has no way for anyone to back up to get to the main directory, because there is only one directory and it only holds this little site.

Someone with Security paranoia at the Client's side is concerned that the field people will discover that the site is coming from a third party (me) , or maybe they are concerned that the field personnel will back out the url and discover naughty bits, I don't know what their worry is.

No "public" viewing of this site is happening.  No meta tags, no promoting of any sort.. just a dedicated group of "employees" who will click on a link in their Intranet...and my pages will appear.

The client wants the URL to remain as his url>

What would really help is a professional opinion from you that it is impossible to do.  Then i can stop making as fool of myself by placing ridiculous tasks here on EE!

The simplest answer is to send the pages to them and let them host them.
problem solved?  Lots of work to do that!
Ray PaseurCommented:
The simplest answer is to send the pages to them and let them host them.  problem solved?  Lots of work to do that!

Maybe not so much as you might think.  See:
<?php // RAY_temp_doncalarco.php
echo file_get_contents('');

Open in new window

Now as it happens, I control both of those sites.  But any site that correctly uses a <base> tag in the header or uses explicit URLs can be re-served with a single line of code.  So you can add the <base> tag or use explicit URLs and your client can load your pages directly.  Easy!
doncalarcoAuthor Commented:
Ray, we may be almost there.  Now i need for you to show me HOW TO MAKE IT HAPPEN.

I have a link on Site A, that links to site B

When a visitor clicks on the link to site B...I want the URL for site A to remain in the address window>  Or a link back to the main page in Site A.

They just dont want my url (site B) to be visible

How do I make it happen.  I have the cooperation with both sites.  Please, as step by step!
I typed this up a bit earlier, so you will excuse me if I just post it.  I do suggest that you stick with whatever direction Ray Paseur guides you in and treat this as informative only.  Ray's suggestion looks like it will supersede the statement in the first paragraph of my comment.  Perhaps it might explain why ahoffmann drew your attention to the security aspects of what you want to do.

The only realistic method, other than sending your "web" to them and leaving them responsible for uploading them to their own server, is to load the content inside an "IFRAME" on their pages.  I will explain in a moment.

Please be aware that I am not recommending any of these methods, just trying to answer your question as fully as I can.

There have always been JavaScript methods for controlling how the browser shows things to the viewer.

For example, when someone hovers the mouse over a hyperlink it will show the URL of that link down in the Status Bar at the botrtom of the page.  It is possible to use JavaScript to display something entirely different in the Status bar for the link, including a completely different URL.  This tactic has been used a lot by unscrupulous people to disguise the fact that the link is to a malicious site of file.  Modern anti-malware applications may well detect such code in the page as suspicious, and there is also the issue that if JavaScript is disabled on the client system for security reasons the method will not work as expected.

You explained the following:

"No public viewing of this site is happening.  No meta tags, no promoting of any sort.. just a dedicated group of employees who will click on a link in their Intranet and my pages will appear.  The client wants the URL to remain as his url."

It would be easy enough for an employee to Right-Click on the hyperlink and "Copy Shortcut" (in IE or equivalent action in other browser) to see the real target.  It would also show in the browser's Status Bar when the employee hovered over the link, depending on the browser.  OK, so Right-Clicking can be disabled on the page(s) with the link(s) using JavaScript, but anyone curious enough to see the real URL could easily "View Source" unless the URL was "obfuscated", again using JavaScript.

Various ways to disable Right-Clicking in a page, along with details of which browsers support the method and which ones disregard it:

I Right-Click a lot in browsers, such as to open links in new tabs, and such tactics really annoy me.

I frown on methods that show something else in the Status Bar other than the real URL when hovering over and clicking a link, but it can be done:

Although there may be legitimate reasons for obfuscating hyperlinks, such as hiding a "mailto:" email address link from malicious "crawling" software that snatches email addresses from pages on the Internet, some anti-malware applications may detect the page as malicious because the methods are the same as commonly used to deliver malicious content:

URL Obfuscation by encoding the web address or IP Address into another encoding within the page's code:

Of course, you could use redirection via a short url created using or other url shorteners, but it will still show the real URL in the Address Bar of the browser when it gets to the page.

There are .ASP, Apache Server, etc methods to keep the URL in the Address Bar rooted at, for example, just the regardless of what page you are on, and there are JavaScript methods to open links in new Popup windows in which you can dictate the size of the new window and whether or not the various parts of the browser window show.  Each has its limitations in terms of whether or not the method will be supported, and I personally have never used any such methods because I find them objectionable.  As a viewer I deserve the right to see the URL of the page I am on, and nothing has the right nor legitimate need to hide my address bar.

Given that most, if not all of the above methods, would require that your client adds a bunch of code to their own web pages, I think the best solution is just to send them your "web" and let them host it on their own Intranet.

If you are really desperate to keep your own pages under your control and display them from your server, then your client could load them within an IFRAME on their pages.

Older HTML web pages used to have a full-width "banner" pane across the top, a separate "menu" pane down the left, and the page content n the lower right.  That way the banner and menu navigation remain constant while new content loads in the rest of the page.  In such a page each of the panes are loaded as separate "frames" into a main page something like these examples:
Click the "Try It Yourself" buttons and look at the related links at the bottom of the page:

That is "Frames".  These days CSS and other up to date methods are used for banners and navigation panels.

In IFRAME is an "inline frame" that is used to embed one page (or content from somewhere else) into another page:

Reasons why NOT to use IFRAMES and other info including how they work:

So, if your client created a page specifically for your content and in that used the IFRAME code to fetch one of your pages into it and fill it, the Address Bar would show the URL of your client's page, but your content would show:

That may or may not work depending on a lot of the criteria discussed in the above "iframe-related" pages I linked to above.

Anyway, as I said, stick with Ray's suggestions.
Ray PaseurCommented:
How do I make it happen.  I have the cooperation with both sites.  Please, as step by step!

Do it exactly the way I showed in the post above.  Visit these two web pages and look at the URLs in the address bar.

The images will change because they are randomly rotated, but the same page is being served through two URLs from the underlying data on the Landon Baseball web site.  It really is that easy.
if you want make things complicated, there's no way to restrict it :)
but you say:
>  I have the cooperation with both sites.
why not simply hand over the content from site B to site A?
and Ray's suggestion will do it dynamically ...
doncalarcoAuthor Commented:
> Ray, I dont want to sound too much like an idiot, but you wrote:

Do it exactly the way I showed in the post above.

In the post above you gave an example:

<?php // RAY_temp_doncalarco.php
echo file_get_contents('');

Where does this code get placed?  Which site, mine or theirs?
What do I substitute?

Do I place it on all my pages?
Does it matter where it gets placed in the html?

any help?
> Where does this code get placed?  Which site, mine or theirs?
on the site which should be displayed as URL in the browser bar

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Web Development

From novice to tech pro — start learning today.