如何阻止 Iframe 调用 [英] How to Block Iframe call
问题描述
最近我的完整站点被另外两个域在 iframe 中调用.我想阻止其他网站,他们试图在 iframe 中显示我的网站.
Recently my complete site is called in iframe by two other domains. I would like to block other sites, who are trying to show my site in iframe.
我如何通过 .htaccess 阻止它?
How can i block that through .htaccess?
推荐答案
您可以在标题 X-Frame-Options: Deny 中设置变量.
You can set the variable in the header X-Frame-Options: Deny.
所有现代浏览器都支持 X-Frame-Options 标头.
All modern browsers support the X-Frame-Options header.
Facebook 使用此标头禁用 iframe/framesets(也是 Javascript).
The Facebook uses this header to disable iframe/framesets (also Javascript).
如果您在 apache 中启用了 mod_headers:
If you have enabled the mod_headers in apache:
.htaccess
Header set X-Frame-Options DENY
但是,您可以启用来自同一来源的 iframe.
But, you can enable iframes come from the same origin.
Header always append X-Frame-Options SAMEORIGIN
或者在 Nginx 中:
Or in Nginx:
add_header X-Frame-Options Deny; #or SAMEORIGIN
浏览器兼容性:来源
- Internet Explorer:8.0
- Firefox (Gecko):3.6.9 (1.9.2.9)
- 歌剧:10.50
- Safari:4.0
- 铬:4.1.249.1042
这篇关于如何阻止 Iframe 调用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!