· July 2013 ·

Prevent rendering your page inside an iframe using X-Frame-Options

Setting the response header X-Frame-Options to DENY or SAMEORIGIN will prevent your page from being displayed inside another site and will prevent most clickjacking attacks.

DENY will prevent your page completely from being displayed in an iframe.
PHP example:

header('X-Frame-Options: DENY');

SAMEORIGIN will prevent your page from being displayed in other sites (here, for your page to be allowed in an iframe, "same site" means the framing page must be on the same domain with the same protocol).
PHP example:

header('X-Frame-Options: SAMEORIGIN');

Both options are well supported in most of the common web browsers (Chrome, Firefox, Safari, Opera, IE8 and above).

There's a third option ALLOW-FROM, but I won't discuss it because it is badly supported in most of the browsers.
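
An added example (not from the original post) showing one way to apply the two values in PHP: deny framing by default, allow same-origin framing only for listed paths, and fail loudly if output has already started, because header() cannot add the header after that point. The helper names and the paths are assumptions made for illustration.

```php
<?php
// Added example: send_frame_policy() and policy_for_path() are hypothetical
// helper names, and the paths below are constructed samples.

const FRAME_POLICIES = ['DENY', 'SAMEORIGIN'];

function send_frame_policy(string $policy = 'DENY'): void
{
    $policy = strtoupper(trim($policy));

    // Only the two values discussed above are accepted; anything else
    // (typos, ALLOW-FROM) is rejected instead of being sent to the browser.
    if (!in_array($policy, FRAME_POLICIES, true)) {
        throw new InvalidArgumentException("Unsupported X-Frame-Options value: $policy");
    }

    // header() must run before any body output. If output has started,
    // stop here rather than silently serving a frameable page.
    if (headers_sent($file, $line)) {
        throw new RuntimeException(
            "Output already started at $file:$line; X-Frame-Options was not sent"
        );
    }

    // replace = true keeps a single X-Frame-Options header on the response,
    // so the browser never has to choose between conflicting values.
    header('X-Frame-Options: ' . $policy, true);
}

// Default-deny: only pages the site embeds in its own iframes get SAMEORIGIN.
function policy_for_path(string $path): string
{
    $sameOriginFramed = ['/widgets/preview', '/admin/embedded-report'];
    return in_array($path, $sameOriginFramed, true) ? 'SAMEORIGIN' : 'DENY';
}

// Call this at the top of the front controller, before any echo or template.
$path = parse_url($_SERVER['REQUEST_URI'] ?? '/', PHP_URL_PATH) ?: '/';
send_frame_policy(policy_for_path($path));
```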

