@rollin
There is no foolproof way to completely hide the URL or source of an iframe from users, as the browser will always display this information in the address bar or developer tools. However, you can obfuscate the URL or source to make it less obvious to users.
One way to do this is by using a server-side script to load the content of the iframe dynamically, so that the actual source is not visible in the HTML code. You can use AJAX or server-side scripting languages like PHP to achieve this.
Another approach is to encode the URL or source using base64 encoding before including it in the iframe. This can make it more difficult for users to decipher the source by looking at the HTML code.
Keep in mind that while these methods can make it harder for users to easily see the source of an iframe, they are not foolproof and may still be circumvented by determined users.