How to prevent my site from being rendered in an iframe


Viewed 263 times

3

The idea is simple: I have a website; how do I prevent another site from calling mine through an iframe?

2 answers

6


Using Header

Newer browsers accept an HTTP header for this purpose:

X-Frame-Options

Here are the options:

  • deny - framing is not allowed

  • sameorigin - not allowed unless it is from the same origin

  • allow-from - allows only the indicated origin

  • allowall - (non-standard) allows framing from any location.

Example in PHP:

<?php header('X-Frame-Options: deny'); ?>


JS solution

For other browsers, the only solution is to use JS to prevent the content from remaining "framed":

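// Compare top and self: checking parent.frames.length would also fire
// (and reload forever) on an unframed page that embeds frames itself.
if (window.top !== window.self) {
  window.top.location.replace(window.self.location.href);
}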

But if JS is disabled in the frame, there’s not much to do. Anyway, it’s always the client who controls that.

  • 1

    Here’s a legal article about this: http://blog.codinghorror.com/we-done-been-framed/

1

Add the following header to your page:

X-Frame-Options: DENY

You can also use SAMEORIGIN instead of DENY.
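
An added example, not part of either answer: a small Node.js function that audits a response's headers for the X-Frame-Options values listed in the answers. It goes beyond them by also checking the Content-Security-Policy frame-ancestors directive, which browsers that support it apply instead of X-Frame-Options; the function name and the sample headers are constructed for illustration.

```javascript
// Added example: decide whether a response's headers stop other sites
// from framing the page. auditFraming is a hypothetical helper name.
function auditFraming(headers) {
  // HTTP header names are case-insensitive, so normalise them first.
  const h = {};
  for (const [name, value] of Object.entries(headers)) {
    h[name.toLowerCase()] = String(value).trim();
  }
  const findings = [];

  // When a CSP carries frame-ancestors, supporting browsers use it and
  // ignore X-Frame-Options, so evaluate it first.
  const csp = h['content-security-policy'] || '';
  const directive = csp
    .split(';')
    .map((d) => d.trim().split(/\s+/))
    .find((parts) => parts[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    const wildcard = directive.slice(1).includes('*');
    if (wildcard) findings.push('frame-ancestors * lets any site frame the page');
    return { protected: !wildcard, decidedBy: 'frame-ancestors', findings };
  }

  // Fall back to X-Frame-Options; values are case-insensitive.
  const xfo = (h['x-frame-options'] || '').toLowerCase();
  if (xfo === 'deny' || xfo === 'sameorigin') {
    return { protected: true, decidedBy: 'x-frame-options', findings };
  }
  if (!xfo) {
    findings.push('no X-Frame-Options header');
  } else if (xfo.startsWith('allow-from')) {
    findings.push('allow-from is obsolete; current Chrome and Firefox ignore it');
  } else {
    findings.push(`"${xfo}" is not a standard X-Frame-Options value`);
  }
  return { protected: false, decidedBy: 'none', findings };
}

// Constructed sample responses.
console.log(auditFraming({ 'X-Frame-Options': 'DENY' }));
console.log(auditFraming({ 'X-Frame-Options': 'ALLOW-FROM https://partner.example' }));
console.log(auditFraming({ 'Content-Security-Policy': "default-src 'self'; frame-ancestors 'none'" }));
```

A result with protected set to false and a finding about allow-from or allowall means the header is present but gives no protection in current browsers.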
