The X-Frame-Options header is included in the HTTP response to protect against clickjacking attacks.
The X-Frame-Options header indicates whether a browser should be allowed to render a page in a frame or iframe. This prevents the site's content from being embedded in other websites.
It protects against clickjacking attacks.
There are three options for X-Frame-Options:
- SAMEORIGIN: This option allows the page to be displayed in a frame on the same origin, meaning the website can render its own pages in an iframe/frame.
- DENY: This option prevents the page from being displayed in a frame or iframe, meaning no website can render the page in a frame/iframe.
- ALLOW-FROM uri: This option allows the page to be displayed in a frame only on the specified origin. Use it when you want to allow one particular website to render the page.
Syntax:
In an HTML page: add the code below to the head section:
<meta http-equiv="X-FRAME-OPTIONS" content="DENY">
In a PHP page:
========================================================
How to check the X-Frame-Options of a web page:
You can use any web developer tool to view the response headers and ensure you see
======================================================
Configuring Apache:
To configure Apache to send the X-Frame-Options header for all pages, add one of the settings below to your site's configuration, as required:
- Header always append X-Frame-Options SAMEORIGIN
- Header set X-Frame-Options DENY
- Header set X-Frame-Options "ALLOW-FROM https://example.com/"
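The header check described above can also be scripted. The following is an added example, not code from the original post: it parses a raw response header block and reports which of the three options is in effect, including a response that carries two different values (for instance when both the application and Apache set the header). The names `xfo_values` and `audit_xfo` and the sample response are constructed for this illustration.

```python
# Added example: audit X-Frame-Options in a raw HTTP response header block.
SAMPLE_RESPONSE = (  # constructed sample, not captured from a real site
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "\r\n"
    "<html>...</html>"
)


def xfo_values(raw_headers):
    """Collect every X-Frame-Options value (header names are case-insensitive)."""
    values = []
    for line in raw_headers.splitlines()[1:]:  # skip the status line
        if not line:
            break  # blank line ends the header block; ignore the body
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            # One header line may hold a comma-separated list, e.g. when
            # "Header append" runs on a response that already has the header.
            values += [v.strip().lower() for v in value.split(",") if v.strip()]
    return values


def audit_xfo(raw_headers):
    """Return (verdict, detail) describing the framing policy of a response."""
    values = set(xfo_values(raw_headers))
    if not values:
        return ("missing", "no X-Frame-Options header was sent")
    if len(values) > 1:
        return ("conflicting", "different values sent: " + ", ".join(sorted(values)))
    value = values.pop()
    if value == "deny":
        return ("deny", "page may not be framed by any site")
    if value == "sameorigin":
        return ("sameorigin", "page may be framed only by its own origin")
    if value.startswith("allow-from"):
        return ("allow-from", "not honoured by current browsers; test each target browser")
    return ("invalid", "unrecognised value: " + value)


if __name__ == "__main__":
    print(audit_xfo(SAMPLE_RESPONSE))
```

A "conflicting" or "invalid" verdict means the configuration should be fixed so that exactly one of the documented values is sent.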