How to deny loading page into frame of third-party site
- Published:
A modern method to deny loading pages of your site into frame (FRAME or IFRAME HTML-element) on another site is using of X-Frame-Options HTTP-server response header.
There are two available values for X-Frame-Options:
DENY- Loading page into frame is denied regardless of what site the frame-containing page is located on.
SAMEORIGIN- Loading page into frame is permitted only in case if frame is located on a page of same site that loading page belongs to.
The feature is supported by all modern browsers including IE8+.