What are X-Frame-Options?

Email: maixuanviet.com@gmail.com
Skype: maixuanviet.com@outlook.com
Linkein: <a href="https://www.linkedin.com/in/maixuanviet" rel="noopener noreferrer" target="_blank"> linkedin.com/in/maixuanviet
HackerRank: <a href="https://www.hackerrank.com/vietmx" rel="noopener noreferrer" target="_blank"> hackerrank.com/vietmx
Github: github.com/vietmx
Tiktok: <a href="https://www.tiktok.com/@maixuanviet.com" rel="noopener noreferrer" target="_blank"> tiktok.com/@maixuanviet.com

Technology Community › Category: Web Security › What are X-Frame-Options?

VietMX Staff asked 3 years ago

Use the X-Frame-Options HTTP header is one of the options to prevent clickjacking. It allows an application to specify whether frame use is simply denied, via the DENY value, or the use of frames is allowed, by the SAMEORIGIN or ALLOW-FROM values. Mainstream modern browsers do support this header option, but other browsers may not.

Possible X-Frame-Options:

X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-Frame-Options: ALLOW-FROM https://example.com

Question Tags: Senior Level, Web Security