Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.0k views
in Technique[技术] by (71.8m points)

.htaccess - How to Block Iframe call

Recently my complete site is called in iframe by two other domains. I would like to block other sites, who are trying to show my site in iframe.

How can i block that through .htaccess?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

You can set the variable in the header X-Frame-Options: Deny.

All modern browsers support the X-Frame-Options header.

The Facebook uses this header to disable iframe/framesets (also Javascript).

If you have enabled the mod_headers in apache:

.htaccess

Header set X-Frame-Options DENY

But, you can enable iframes come from the same origin.

Header always append X-Frame-Options SAMEORIGIN

Or in Nginx:

add_header X-Frame-Options Deny; #or SAMEORIGIN

Browser compatibility: Source

  • Internet Explorer: 8.0
  • Firefox (Gecko): 3.6.9 (1.9.2.9)
  • Opera: 10.50
  • Safari: 4.0
  • Chrome: 4.1.249.1042

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...