Abstract: A computer-implemented method is provided, including storing, in an authentication server system, a URL identifying at least one web page, and providing a secure zone browser-side script to be placed on the web page. Upon opening of the web page in a browser, the secure zone browser-side script triggers execution of a server-side script at the authentication server system. The server-side script creates, on the web page, an inline frame, which is controlled by the authentication server system during a session that is associated with the inline frame. The authentication server system retrieves a referrer address from the session, and compares the referrer address with the stored URL. Upon finding a match between the referrer address and the stored URL, the authentication server system delivers web content to or via the inline frame. Other embodiments are also described.