How to deny loading a page into a frame of a third-party site
A modern method to deny loading pages of your site into frame (
IFRAME HTML-element) on another site is using of
X-Frame-Options HTTP-server response header.
Available values for
- Loading page into frame is denied.
- Loading page into frame is permitted only in case of frame is located on a page of same site that loading page belongs to.
- The page can only be displayed in a frame on the specified origin.
SAMEORIGIN values are supported by all modern browsers including IE8+.
ALLOW-FROM uri value is supported by Firefox 18+.