The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object> . Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
Using X-Frame-OptionsThere are three possible values for X-Frame-Options:
-
DENY
The page cannot be displayed in a frame, regardless of the site attempting to do so.
- SAMEORIGIN
The page can only be displayed in a frame on the same origin as the page itself.
- ALLOW-FROM uri
The page can only be displayed in a frame on the specified origin.
No comments:
Post a Comment