How to prevent my site from being rendered in an iframe

Navigation
3

The idea is simple, I have a website, how do I prevent another site from calling my own through a iframe ?

    
asked by anonymous 13.01.2016 / 16:38

2 answers

6

Using Header

Newer browsers accept an HTTP header for this purpose: 

X-Frame-Options

Here are the options:

  • deny - framing not allowed

  • sameorigin - not allowed if not of the same source

  • allow-from - allows only the specified source

  • allowall - (non-default) allows framing of any location.

Example in PHP: 

<?php header('X-Frame-Options: deny'); ?>


JS Solution

For other browsers, the only solution is to use a JS to prevent content from remaining "framed": 

if (parent.frames.length > 0) {
  top.location.replace(document.location);
}

But if JS is disabled in the frame, there is not much to do. Anyway, it's always the client who controls this.

    
13.01.2016 / 16:41
1

add the following header to your page:

X-Frame-Options : DENY

You can also use SAMEORIGIN instead of DENY

    
13.01.2016 / 16:43
Is it possible to add int with str composed of text and numbers in Python? Problems calculating on average in Java