Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share
menu search
person
editAsk a Question
Welcome To Ask or Share your Answers For Others

Categories

.htaccess - How to Block Iframe call

in Technique[技术] by (71.8m points)

Recently my complete site is called in iframe by two other domains. I would like to block other sites, who are trying to show my site in iframe.

How can i block that through .htaccess?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
950 views
Welcome To Ask or Share your Answers For Others

1 Answer

by (71.8m points)

You can set the variable in the header X-Frame-Options: Deny.

All modern browsers support the X-Frame-Options header.

The Facebook uses this header to disable iframe/framesets (also Javascript).

If you have enabled the mod_headers in apache:

.htaccess

Header set X-Frame-Options DENY

But, you can enable iframes come from the same origin.

Header always append X-Frame-Options SAMEORIGIN

Or in Nginx:

add_header X-Frame-Options Deny; #or SAMEORIGIN

Browser compatibility: Source

  • Internet Explorer: 8.0
  • Firefox (Gecko): 3.6.9 (1.9.2.9)
  • Opera: 10.50
  • Safari: 4.0
  • Chrome: 4.1.249.1042

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
thumb_up_alt 0 like thumb_down_alt 0 dislike
Welcome to ShenZhenJia Knowledge Sharing Community for programmer and developer-Open, Learning and Share

Just Browsing Browsing

548k questions

547k answers

4 comments

86.3k users

Most popular tags

Theme made by Momin Raza, Modified by Ostack
Powered by Question2Answer
...