Difference between revisions of "X-Frame-Options"
Jump to navigation
Jump to search
Line 6: | Line 6: | ||
X-Frame-Options: DENY | X-Frame-Options: DENY | ||
X-Frame-Options: SAMEORIGIN | X-Frame-Options: SAMEORIGIN | ||
+ | |||
+ | ALLOW-FROM | ||
== Related == | == Related == |
Revision as of 09:57, 20 July 2023
wikipedia:X-Frame-Options (deprecated)
The Content-Security-Policy
HTTP header has a frame-ancestors
directive which obsoletes this header for supporting browsers
X-Frame-Options: DENY X-Frame-Options: SAMEORIGIN
ALLOW-FROM
Related
See also
- HTTP Headers:
Authorization:, X-Frame-Options, Content-Security-Policy, Cache-Control
, Terraform:drop_invalid_header_fields
- HTTP, HTTP client, HTTP/1.1, HTTP/2, HTTP/3, HTTPS, HSTS CSR, TLS, SSL,
openSSL
, WebSockets, WebRTC,ssl_certificate
QUIC, HPKP, CT, List of HTTP status codes, URL redirection, Content-type:, Webhook, HTTP headers,--insecure
, Axios HTTP client, HTTP cookies, HTTP ETag, Hypertext Transfer Protocol -- HTTP/1.1
Advertising: