Jump to content

What The Hell ?!


Recommended Posts

  • 2 weeks later...

Actually you can, all major modern browsers (Chrome,Firefox,IE 8+, etc) support a HTTP header named X-Frame-Options. If a server sends that header with whatever page it is serving, the browser will not allow it to be rendered in a <frame>, <iframe>, or <object> tag.


Since you seem to be using Apache, simply adding the following to your Apache config will make the server send it for everything that it serves.


Header always append X-Frame-Options DENY


Or switch out DENY with SAMEORIGIN if needing to allow framing on your own pages.


For instance, Stackoverflow uses it to prevent sites from framing there content


There are of course techniques to get around it, like scraping the target site and directly rendering the html, but I don't think many of these types of sites do anything more than just include an iframe.


RFC 7034 paper

MDN reference page


Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Unfortunately, your content contains terms that we do not allow. Please edit your content to remove the highlighted words below.
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Create New...

Important Information

By using this site, you agree to our Terms of Use.