X-Frame-Options is an HTTP response header that protects against 'ClickJacking' attacks.
The header tells the browser whether or not a page may be rendered inside a frame,
iframe, embed or object. When the browser honours it, the page's content cannot be
embedded into other websites, so an attacker cannot overlay your page invisibly on a
decoy site and trick a user into clicking it.
There are three options for X-Frame-Options:
- SAMEORIGIN: The page may be displayed in a frame only when the framing page has the same origin (scheme, host and port). Your own site can render its pages in a frame/iframe; other sites cannot.
- DENY: The page may never be displayed in a frame or iframe, not even by a page on the same origin.
- ALLOW-FROM uri: The page may be displayed in a frame only on the specified origin. This option is obsolete: Chrome and Safari never supported it and Firefox has removed it, and a browser that does not understand the value ignores the header entirely, which leaves the page framable by anyone. To allow a single partner origin, use the Content-Security-Policy frame-ancestors directive instead.
IN HTML Page: X-Frame-Options cannot be set from the HTML itself. A meta tag in the head section such as
<meta http-equiv="X-FRAME-OPTIONS" content="DENY">
is ignored by browsers; the header only takes effect when the server or application sends it as a real HTTP response header.
IN PHP Page: call header() before any output is sent, since headers cannot be changed once the response body has started:
<?php header('X-Frame-Options: DENY'); ?>
========================================================
How to check the X-Frame-Options of a web page:
You can use any web developer tool (the Network tab of the browser's developer tools, or curl -I https://example.com/ from a terminal)
to view the response headers and ensure you see X-Frame-Options with the value you expect.
Configuring Apache:
To configure Apache to send X-Frame-Options for all pages, enable mod_headers and add one of the settings below to your site as required. Use "always" so the header is also sent on error responses, and "set" rather than "append": "append" merges into a comma-separated list of values, which browsers treat as conflicting (Chromium falls back to DENY) rather than as the single value you intended.
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Frame-Options "DENY"
Header always set X-Frame-Options "ALLOW-FROM https://example.com/"   (obsolete; current browsers ignore this value)
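As an added example (not part of the original post), the following Python script models how a browser evaluates the three options above when checking a page's response headers: it parses a constructed raw HTTP response, compares origins for SAMEORIGIN, treats ALLOW-FROM as ignored, and treats a comma-joined or repeated value (what Apache's "Header append" produces) as a conflict. The function names, origins and sample responses are assumptions made for the example, and the ancestor check is simplified to the top-level document's origin.

```python
from typing import Dict, List, Tuple

# Constructed sample responses for this example (not captured from a real site).
RESPONSE_DENY = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: DENY\r\n"
    "\r\n"
    "<html><body>account settings</body></html>"
)
RESPONSE_NO_HEADER = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "\r\n"
    "<html><body>account settings</body></html>"
)


def parse_response_headers(raw: str) -> Dict[str, List[str]]:
    """Split the header block of a raw HTTP response into a dict that maps
    lower-cased header names to the list of values seen (a header may repeat)."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers: Dict[str, List[str]] = {}
    for line in head.split("\r\n")[1:]:  # [0] is the status line
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def xfo_decision(values: List[str], page_origin: str, framer_origin: str) -> Tuple[str, str]:
    """Decide how a browser treats the X-Frame-Options values of a page at
    page_origin when a top-level document at framer_origin tries to frame it.
    Returns (decision, reason); decision is 'allow', 'deny' or 'ignored'.
    Origins are scheme://host[:port] strings compared case-insensitively."""
    if not values:
        return "allow", "no X-Frame-Options header: any site may frame the page"
    # Repeated headers and Apache's 'Header append' both yield several tokens;
    # compare the distinct ones after trimming and upper-casing.
    tokens = {t.strip().upper() for v in values for t in v.split(",") if t.strip()}
    if not tokens:
        return "ignored", "empty value"
    if len(tokens) > 1:
        return "deny", "conflicting values; Chromium falls back to DENY"
    token = tokens.pop()
    if token == "DENY":
        return "deny", "DENY forbids framing from every origin"
    if token == "SAMEORIGIN":
        if page_origin.lower() == framer_origin.lower():
            return "allow", "SAMEORIGIN and the framer has the page's origin"
        return "deny", "SAMEORIGIN and the framer origin differs"
    if token.startswith("ALLOW-FROM"):
        return "ignored", "ALLOW-FROM is obsolete; current browsers ignore it"
    return "ignored", "unrecognised value %r" % token


def framing_allowed(raw_response: str, page_origin: str, framer_origin: str) -> bool:
    """True when a browser would render the page inside a frame on framer_origin."""
    headers = parse_response_headers(raw_response)
    decision, _ = xfo_decision(headers.get("x-frame-options", []), page_origin, framer_origin)
    return decision != "deny"


if __name__ == "__main__":
    attacker = "https://attacker.example"
    for label, raw in (("DENY", RESPONSE_DENY), ("no header", RESPONSE_NO_HEADER)):
        verdict = "framable" if framing_allowed(raw, "https://example.com", attacker) else "blocked"
        print(label, "->", verdict)
```

Point the parser at the output of curl -i for a real page to check a deployment; the decision for a page that sends no header, or only ALLOW-FROM, is 'framable', which is the case a clickjacking test is looking for.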
======================================================