X-Frame-Options - HTTP

Deprecated: This feature is no longer recommended. Though some browsers might still tư vấn it, it may have already been removed from the relevant trang web standards, may be in the process of being dropped, or may only be kept for compatibility purposes. Avoid using it, and update existing code if possible; see the compatibility table at the bottom of this page vĩ đại guide your decision. Be aware that this feature may cease vĩ đại work at any time.

The HTTP X-Frame-Options response header can be used vĩ đại indicate whether a browser should be allowed vĩ đại render a page in a , , <embed> or <object>. Sites can use this vĩ đại avoid click-jacking attacks, by ensuring that their nội dung is not embedded into other sites.</p> <p>The added security is provided only if the user accessing the document is using a browser that supports <code>X-Frame-Options</code>.</p> <figure><table readabilitydatatable="1"> <tbody> <tr> <th scope="row">Header type</th> <td>Response header</td> </tr> <tr> <th scope="row">Forbidden header name</th> <td>No</td> </tr> </tbody> </table></figure></div><section aria-labelledby="syntax"><h2 id="syntax">Syntax</h2><div><p>There are two possible directives for <code>X-Frame-Options</code>:</p> <div><pre><code>X-Frame-Options: DENY X-Frame-Options: SAMEORIGIN </code></pre></div></div></section><section aria-labelledby="directives"><h3 id="directives">Directives</h3><div><p>If you specify <code>DENY</code>, not only will the browser attempt vĩ đại load the page in a frame fail when loaded from other sites, attempts vĩ đại vì thế so sánh will fail when loaded from the same site. On the other hand, if you specify <code>SAMEORIGIN</code>, you can still use the page in a frame as long as the site including it in a frame is the same as the one serving the page.</p> <dl> <dt id="deny">DENY</dt> <dd> <p>The page cannot be displayed in a frame, regardless of the site attempting vĩ đại vì thế so sánh.</p> </dd> <dt id="sameorigin">SAMEORIGIN <abbr title="Deprecated. Not for use in new websites."> <span>Deprecated</span> </abbr></dt> <dd> <p>The page can only be displayed if all ancestor frames are same origin vĩ đại the page itself.</p> </dd> <dt id="allow-from_origin">ALLOW-FROM origin <abbr title="Deprecated. Not for use in new websites."> <span>Deprecated</span> </abbr></dt> <dd> <p>This is an obsolete directive. Modern browsers that encounter response headers with this directive will ignore the header completely. The Content-Security-Policy HTTP header has a frame-ancestors directive which you should use instead.</p> </dd> </dl></div></section><section aria-labelledby="examples"><h2 id="examples">Examples</h2><div><p><strong>Warning:</strong> Setting <code>X-Frame-Options</code> inside the <meta> element (e.g., <code><meta http-equiv="X-Frame-Options" content="deny"></code>) has no effect. <code>X-Frame-Options</code> is only enforced via HTTP headers, as shown in the examples below.</p></div></section><section aria-labelledby="configuring_apache"><h3 id="configuring_apache">Configuring Apache</h3><div><p>To configure Apache vĩ đại send the <code>X-Frame-Options</code> header for all pages, add this vĩ đại your site's configuration:</p> <div><pre><code>Header always phối X-Frame-Options "SAMEORIGIN" </code></pre></div> <p>To configure Apache vĩ đại phối <code>X-Frame-Options</code> vĩ đại <code>DENY</code>, add this vĩ đại your site's configuration:</p> <div><pre><code>Header phối X-Frame-Options "DENY" </code></pre></div></div></section><section aria-labelledby="configuring_nginx"><h3 id="configuring_nginx">Configuring Nginx</h3><div><p>To configure Nginx vĩ đại send the <code>X-Frame-Options</code> header, add this either vĩ đại your http, server or location configuration:</p> <div><pre><code>add_header X-Frame-Options SAMEORIGIN always; </code></pre></div> <p>You can phối the <code>X-Frame-Options</code> header vĩ đại <code>DENY</code> using:</p> <div><pre><code>add_header X-Frame-Options DENY always; </code></pre></div></div></section><section aria-labelledby="configuring_iis"><h3 id="configuring_iis">Configuring IIS</h3><div><p>To configure IIS vĩ đại send the <code>X-Frame-Options</code> header, add this vĩ đại your site's <code>Web.config</code> file:</p> <div><pre><code><system.webServer> … <httpProtocol> <customHeaders> <add name="X-Frame-Options" value="SAMEORIGIN" /> </customHeaders> </httpProtocol> … </system.webServer> </code></pre></div> <p>For more information, see the Microsoft tư vấn article on setting this configuration using the IIS Manager user interface.</p></div></section><section aria-labelledby="configuring_haproxy"><h3 id="configuring_haproxy">Configuring HAProxy</h3><div><p>To configure HAProxy vĩ đại send the <code>X-Frame-Options</code> header, add this vĩ đại your front-end, listen, or backend configuration:</p> <pre>rspadd X-Frame-Options:\ SAMEORIGIN </pre> <p>Alternatively, in newer versions:</p> <pre>http-response set-header X-Frame-Options SAMEORIGIN </pre></div></section><section aria-labelledby="configuring_express"><h3 id="configuring_express">Configuring Express</h3><div><p>To phối <code>X-Frame-Options</code> vĩ đại <code>SAMEORIGIN</code> using Helmet add the following vĩ đại your server configuration:</p> <div><pre><code>const helmet = require("helmet"); const phầm mềm = express(); app.use( helmet({ xFrameOptions: { action: "sameorigin" }, }), ); </code></pre></div></div></section><h2 id="specifications">Specifications</h2><table readabilitydatatable="1"><thead><tr><th scope="col">Specification</th></tr></thead><tbody><tr><td>HTML Standard # the-x-frame-options-header</td></tr></tbody></table><h2 id="browser_compatibility">Browser compatibility</h2><p>BCD tables only load in the browser</p><section aria-labelledby="see_also"><h2 id="see_also">See also</h2></section></article></body> </div> </div> </div> </div> <aside class="col col-right col-xl-3 order-xl-2 col-lg-3 order-lg-2 col-md-6 col-sm-6 col-12"> <div class="sidebar-inner"> <div class="box widget mb20 widget-most-view type-2"> <div class="box-title widget-title mb-3 style_5"> <h6 class="m-0 main-title"><span class="inner-title">Đọc nhiều</span></h6> </div> <div class="box-body widget-content"> <div class="item"> <a href="/top-30-cam-xuc-ve-ngay-khai-truong-hay-nhat-1734398483" title="Top 30 Cảm xúc về ngày khai trường (hay nhất)." class="d-flex"> <div class="info-wrapper"> <span class="article-title"> Top 30 Cảm xúc về ngày khai trường (hay nhất). </span> </div> </a> </div> <div class="item"> <a href="/trinh-bay-y-kien-ve-mot-van-de-trong-doi-song-14-mau-1734389707" title="Trình bày ý kiến về một vấn đề trong đời sống (14 mẫu)" class="d-flex"> <div class="info-wrapper"> <span class="article-title"> Trình bày ý kiến về một vấn đề trong đời sống (14 mẫu) </span> </div> </a> </div> <div class="item"> <a href="/tom-tat-truyen-de-men-phieu-luu-ki-ngan-gon-nhat-10-dong-20-dong-1734418900" title="Tóm tắt truyện Dế Mèn Phiêu Lưu Kí ngắn gọn nhất 10 dòng, 20 dòng" class="d-flex"> <div class="info-wrapper"> <span class="article-title"> Tóm tắt truyện Dế Mèn Phiêu Lưu Kí ngắn gọn nhất 10 dòng, 20 dòng </span> </div> </a> </div> <div class="item"> <a href="/10-viet-bai-van-thuyet-minh-lai-mot-su-kien-le-hoi-ma-em-da-tung-tham-du-diem-cao-1734395419" title="10+ Viết bài văn thuyết minh lại một sự kiện (lễ hội) mà em đã từng tham dự (điểm cao)." class="d-flex"> <div class="info-wrapper"> <span class="article-title"> 10+ Viết bài văn thuyết minh lại một sự kiện (lễ hội) mà em đã từng tham dự (điểm cao). </span> </div> </a> </div> <div class="item"> <a href="/su-suy-giam-tinh-da-dang-sinh-hoc-cua-nuoc-ta-khong-phai-bieu-hien-o-su-mien-phi-1734439818" title="Sự suy giảm tính đa dạng sinh học của nước ta không phải biểu hiện ở sự (Miễn phí)" class="d-flex"> <div class="info-wrapper"> <span class="article-title"> Sự suy giảm tính đa dạng sinh học của nước ta không phải biểu hiện ở sự (Miễn phí) </span> </div> </a> </div> </div> </div> </div> </aside> </div> </div> </div> <div class="clearfix"></div> <div class="woodmart-close-side"></div> <footer class="fs2 f-rsr footer footer-type-2"> <div class="footer-body"> <div class="container"> <div class="footer_top_1"> <div class="row align-items-center"> <div class="col-md-9"> <a href="/" class="logo-footer"> <strong class="logo_text" style="font-family: initial; font-size: 40px; font-weight: 700;"> newyork.edu.vn </strong> </a> <p><strong>newyork.edu.vn</strong></p> <p></p> </div> <div class="col-md-3 text-center"> <div class="footer-social"> <ul class="social_icons social_white shape_square style_colored size_small" style="display: inline-block;"> <li><a href="https://www.facebook.com/nhanh3s" class="sc_facebook" target="_blank"><i class="fab fa-facebook-f" aria-hidden="true"></i></a> </li> <li> <a href="https://news.google.com/publications/CAAqBwgKMOqk1AswuMDrAw?hl=vi&gl=VN&ceid=VN:vi" class="sc_google" target="_blank"><i class="fab fa-google" aria-hidden="true"></i></a> </li> <li><a href="https://www.youtube.com/@nhanh3s/about" class="sc_youtube" target="_blank"><i class="fab fa-youtube" aria-hidden="true"></i></a> </li> <li><a href="https://www.instagram.com/nhanh3s/" class="sc_instagram" target="_blank"><i class="fab fa-instagram" aria-hidden="true"></i></a></li> <li><a href="https://www.pinterest.com/nhanh3s/" class="sc_pinterest" target="_blank"><i class="fab fa-pinterest" aria-hidden="true"></i></a></li> <li><a href="https://www.linkedin.com/in/nhanh-3s-602293295/" class="sc_linkedin" target="_blank"><i class="fab fa-linkedin" aria-hidden="true"></i></a> </li> <li><a href="/rss.html" class="sc_rss" target="_blank"><i class="fa fa-rss"></i></a> </li> </ul> </div> </div> </div> </div> <div class="clearfix text-f" style="position: relative"> <style> .text-f, .text-f p, .text-f a { color: transparent !important; } </style> </div> <div class="footer_bottom"> <p>Copyright © 2024 by newyork.edu.vn</p> </div> </div> </div> </footer> </div>  <script src="//newyork.edu.vn/modules/blog/js/app.js" type="text/javascript"></script> <div id="go_top_control" title="Lên đầu trang"> <i class="fa fa-arrow-up go_top_icon"></i> </div></body> </html> <script data-cfasync="false" src="/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js"></script>

X-Frame-Options - HTTP | MDN