Tuesday, 30 December 2025

X-Frame-Options header for iframe

<iframe
        src="https://google.com"
        width="600"
        height="300"
        title="Demo Iframe"
        frameborder="0"
> </iframe>

Google.com will not be displayed in the iframe. The browser reports that google.com refused to connect. This is because Google sends the X-Frame-Options header.

There are two values for this header:

X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN

To set it in Apache httpd.conf (this requires mod_headers; use only one of the two lines):

Header always append X-Frame-Options SAMEORIGIN
Header always append X-Frame-Options DENY

With the first option (SAMEORIGIN), the page can be displayed in a frame only by pages from the same origin. With the second option (DENY), the page cannot be displayed in a frame by any site.
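The following is an added example, not code from the original post: a simplified model of how a browser decides whether a framed response may be displayed, based on its X-Frame-Options values. It also covers the case where both Apache lines above are active, since "Header append" joins the values with a comma; the function name, parameters and the *.test URLs are assumptions made for the example.

```javascript
// Simplified model of the browser-side X-Frame-Options check (added example).
// headerValues: raw X-Frame-Options values from the framed response.
// framedUrl:    URL loaded inside the iframe.
// ancestorUrls: URLs of every page above the iframe, up to the top-level page.
function framingAllowed(headerValues, framedUrl, ancestorUrls) {
  // Repeated headers and comma-separated lists are combined and lowercased.
  const values = new Set(
    headerValues
      .flatMap((v) => v.split(","))
      .map((v) => v.trim().toLowerCase())
      .filter((v) => v.length > 0)
  );
  if (values.size === 0) return true; // no header: framing is not restricted

  const known = ["deny", "sameorigin", "allowall"];
  if (values.size > 1) {
    // Conflicting values: blocked as soon as one of them is a recognised value.
    return !known.some((k) => values.has(k));
  }

  const [value] = values;
  if (value === "deny") return false;
  if (value === "sameorigin") {
    // Origin means scheme + host + port; every ancestor must match.
    const origin = new URL(framedUrl).origin;
    return ancestorUrls.every((a) => new URL(a).origin === origin);
  }
  return true; // a single unrecognised value (for example a typo) is ignored
}

// Constructed sample cases (hypothetical hosts).
const samples = [
  [["DENY"], "https://a.test/page", ["https://a.test/"]],
  [["SAMEORIGIN"], "https://a.test/page", ["https://a.test/"]],
  [["SAMEORIGIN"], "https://a.test/page", ["https://b.test/"]],
  [["SAMEORIGIN, DENY"], "https://a.test/page", ["https://a.test/"]],
  [["SAMEORGIN"], "https://a.test/page", ["https://b.test/"]],
];
for (const [hdr, framed, parents] of samples) {
  console.log(JSON.stringify(hdr), "framed by", parents.join(" > "), "=>",
    framingAllowed(hdr, framed, parents) ? "displayed" : "blocked");
}
```

The last sample shows why the header value should be checked after deployment: a misspelled value is ignored and leaves the page frameable.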
