Difference between revisions of "X-Frame-Options"
Jump to navigation
Jump to search
| (7 intermediate revisions by 3 users not shown) | |||
| Line 1: | Line 1: | ||
| − | [[wikipedia:X-Frame-Options]] | + | [[wikipedia:X-Frame-Options]] (deprecated) |
| + | * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options | ||
| + | |||
| + | The <code>[[Content-Security-Policy]]</code> [[HTTP header]] has a <code>[[frame-ancestors]]</code> directive which obsoletes this header for supporting browsers | ||
| + | |||
| + | X-Frame-Options: DENY | ||
| + | X-Frame-Options: SAMEORIGIN | ||
| − | * | + | ALLOW-FROM |
| + | |||
| + | == Related == | ||
| + | * <code>[[Content-Security-Policy]]: [[frame-ancestors]]</code> | ||
| + | |||
| + | == See also == | ||
| + | * {{HTTP Header}} | ||
| + | * {{HTTPS}} | ||
| + | |||
| + | [[Category:HTTP]] | ||
Latest revision as of 14:52, 21 July 2023
wikipedia:X-Frame-Options (deprecated)
The Content-Security-Policy HTTP header has a frame-ancestors directive which obsoletes this header for supporting browsers
X-Frame-Options: DENY X-Frame-Options: SAMEORIGIN
ALLOW-FROM
Related[edit]
See also[edit]
- HTTP Headers:
Authorization:, X-Frame-Options, Content-Security-Policy, Cache-Control, Terraform:drop_invalid_header_fields - HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL,
openSSL, WebSockets, WebRTC,ssl_certificateQUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers,--insecure, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1
Advertising:
