Using a time-based, rotating hash or string for security

无人共我 2021-01-13 08:06

In a CMS app I occasionally need to open an iframe of another domain. At the moment I am setting the URL for that iframe to something very obscure. Like http://domain.com/if

4 Answers
  •  佛祖请我去吃肉
    2021-01-13 09:00

    If it is time based, then the number of possible keys that a person would have to guess would be tiny. Since I would know approximately when a URL might be generated, and I know how you are hashing it, then I can just create hundreds of thousands of links and test them out.

    You should use a UUID or something equivalent. The probability of a collision would be essentially impossible.
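
To put numbers on the answer above, here is an added example that is not part of the original post. The weak scheme is an assumption (SHA-256 of the Unix timestamp in seconds, since the question does not say how the hash is built), and the function names and the sample timestamp are constructed for illustration.

```python
import hashlib
import math
import secrets
import uuid

UUID4_RANDOM_BITS = 122  # a version-4 UUID carries 122 random bits


def time_based_token(ts: int) -> str:
    """Assumed weak scheme: hex SHA-256 of the Unix timestamp in seconds."""
    return hashlib.sha256(str(ts).encode()).hexdigest()


def candidates_in_window(window_seconds: int) -> int:
    """Distinct tokens possible when the creation time is known to +/- window."""
    return 2 * window_seconds + 1


def effective_bits(candidates: int) -> float:
    """Strength of the token in bits, whatever the length of the hash output."""
    return math.log2(candidates)


def guessable_within(token: str, approx_ts: int, window_seconds: int) -> bool:
    """Audit check: does the token fall inside the time-derived candidate set?"""
    return any(
        secrets.compare_digest(time_based_token(t), token)
        for t in range(approx_ts - window_seconds, approx_ts + window_seconds + 1)
    )


def random_token() -> str:
    """Recommended form: UUIDv4, which CPython fills from os.urandom()."""
    return str(uuid.uuid4())


if __name__ == "__main__":
    created = 1610525160            # constructed sample timestamp
    weak = time_based_token(created)
    n = candidates_in_window(3600)  # creation time known to within one hour
    print(f"time-based: {n} candidates = {effective_bits(n):.1f} bits")
    print(f"uuid4:      2^{UUID4_RANDOM_BITS} candidates")
    print("weak token in candidate set:", guessable_within(weak, created - 900, 3600))
    print("uuid4 in candidate set:     ", guessable_within(random_token(), created, 3600))
```

The 256-bit hash output does not help: with the creation time known to within an hour, the token is worth under 13 bits, against 122 for a random UUID.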
