X-Frame-Options is not working in meta tag?

html x-frame-options metatag http-equiv
VR Patel picture VR Patel · Aug 2, 2017 · Viewed 13.8k times · Source

I want to restrict my site content to be used in other domains through iframe control. The recommented meta tag i.e <meta http-equiv="X-Frame-Options" content="deny"> is not working. What can i do?

Answer

Simonluca Landi picture Simonluca Landi · Aug 2, 2017

You can't set X-Frame-Options in a metatag, only using the HTTP header.

read more here:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

For example, if you are using Apache, you should add a line like this in the .htaccess file

Header set X-Frame-Options DENY

Related questions

IFRAME: Refused to display document because display forbidden by X-Frame-Options

Possible Duplicate: Overcoming “Display forbidden by X-Frame-Options” I have this HTML code on a server (Heroku). From the iframe of www.example.com I click on the "login to google" button, but I get this error message: Refused to display …

Read More
Is there a client-side way to detect X-Frame-Options?

Is there any good way to detect when a page isn't going to display in a frame because of the X-Frame-Options header? I know I can request the page serverside and look for the header, but I was curious if …

Read More
Refused to display a website in a frame because of its 'X-Frame-Options'

I'm trying to display Facebook page in an simple HTML page which only contains an iframe. Here's my HTML code: <html> <body> <iframe src="http://www.facebook.com"></iframe> </body> &…

Read More