No, You can do almost nothing with an iframe which has src set to another domain because of XXS

You can try to use sandbox="" attribute to prevent the iframe from redirecting.

<iframe src="http://example.com/" sandbox=""></iframe>

There is no way to clear the session history or to disable the back/forward navigation from unprivileged code. The closest available solution is the location.replace() method, which replaces the current item of the session history with the provided URL.

Source (MDN)

location.replace() | MDN

Since the link is external, the short answer is no. If you are in control of the content of the iframe there are a few things you can do. History will be updated any time the src attribute of an iframe is changed after it has been added to the DOM or if the user follows a link in the iframe. With control of the iframe content, when a user clicked a link, you could use postMessage and have the parent window replace the iframe element with a new one. In the same domain, you could just use window.parent.

http://jsbin.com/coregedoze/2 Here is a link of my code with an iframe, this has no sandbox attribute- as this attribute only works with HTML5 and limited browser version. I rechecked this code and it wont save any history. Only case is if you change your source of the iframe the whole page reloads and makes another entry into history, which can be avoided using sandbox="value" as mentioned in above answer by JAYDEN LAWSON. Another way around is declare your links in your page out of iframe and call them in iframe like traget="iframe_a" , where iframe_a is your iframe name. hope this helps :-)