Prevent your Site from being used in an iframe
· 96 wordsOften as a security measure, it can be a good idea to prevent your site from being put within an iframe. This is a measure to prevent against click-jacking. It’s well supported in most of today’s web browsers – with support for:
- Chrome 4+
- Firefox 1.9+
- IE8+
This can be done by setting the HTTP header X-Frame-Options.
Htaccess
Header set X-Frame-Options DENY
or in PHP
<?php
header('X-Frame-Options: Deny');
If you try and load the site with this header present, within Firefox you will get this message
Load denied by X-Frame-Options: https://www.example.co.uk/ does not permit cross-origin framing.
∞
About the Author: Edd Turtle
Edd is a PHP and Go developer, specialising in building scalable web applications. He enjoys blogging about his experiences, mostly about creating and coding new things he's working on and is a big beliver in open-source and Linux.