How to deny loading a page into a frame of a third-party site
- Published:
A modern method to deny loading pages of your site into frame (FRAME
or IFRAME
HTML-element) on another site is using of X-Frame-Options
HTTP-server response header.
Available values for X-Frame-Options
:
DENY
- Loading page into frame is denied.
SAMEORIGIN
- Loading page into frame is permitted only in case of frame is located on a page of same site that loading page belongs to.
ALLOW-FROM uri
- The page can only be displayed in a frame on the specified origin.
DENY
and SAMEORIGIN
values are supported by all modern browsers including IE8+.
ALLOW-FROM uri
value is supported by Firefox 18+.