HTTP Response Headers 的 X-Frame-Options

Posted on July 13, 2012 by

現在新的瀏覽器都支援解讀 HTTP Response Header: X-Frame-Options 這個條件，因此我在自己的伺服器上面加了這個選項，主要是我的網站不想被人家用 frameset 或是 iframe 包起來。

There are two possible values for X-Frame-Options:

DENY
The page cannot be displayed in a frame, regardless of the site attempting to do so.

SAMEORIGIN
The page can only be displayed in a frame on the same origin as the page itself.

ref: The X-Frame-Options response header

如果是 Apache2 的話很簡單，不用改程式，可以直接用 Module 做掉：

1. 在 Apache2 啟動時一併載入 mod_headers.so (如果是 debian 可以用 sudo a2enmod headers 來啟用)

2. 自己新增一個 conf 檔，裡面寫上
Header always append X-Frame-Options SAMEORIGIN

至於選項要是 SAMEORIGIN 還是 DENY 就看需求而定，之後重起 Apache2 就完成了。

Posted in Computers

Leave a Reply Cancel reply

我請同事從日本買，折合台幣約五千多，不到六千。... by roga
你好想請問入手價大約多少台幣呢？... by 宗承
1. 你住哪？台北市區通常不用特別找人，五星級的 RAID BOSS 都會有人打... by roga
我九月中回台灣，請問台灣有族群可以查或問有沒有人要一起打 boss? &n... by 丁
謝謝對我幫助很大  ... by wilile
[…] [Pokemon GO] 日本仙台快閃之旅 – 乘龍 x 1... by [Pokemon GO] 一週年回顧 – roga's blog
[…] 其他： [Pokemon GO] Raid Battle 團... by [Pokemon GO] 一週年回顧 – roga's blog
[…] [Pokemon GO] 遊玩回顧 (2016 十二月份) ... by [Pokemon GO] 一週年回顧 – roga's blog
[…] 另外我也寫了一篇「[Pokemon GO] 北美限定版 Po... by [Pokemon GO] 遊玩回顧 (2017 五月份) – roga's blog
[…] [Pokemon GO] 畢業 143 + 1 隻 Poke... by [Pokemon GO] 一週年回顧 – roga's blog
[…] [Pokemon GO] 遊玩回顧 (2016 十一月份) ... by [Pokemon GO] 一週年回顧 – roga's blog
[…] [Pokemon GO] Legendary Pokemon... by [Pokemon GO] 一週年回顧 – roga's blog
[…] [Pokemon GO] 遊玩回顧 (2017 七月份) [... by [Pokemon GO] 一週年回顧 – roga's blog
[…] [Pokemon GO] 遊玩回顧 (2016 十月份) [... by [Pokemon GO] 一週年回顧 – roga's blog
[…] [Pokemon GO] 遊玩回顧 (2016 九月份) [... by [Pokemon GO] 一週年回顧 – roga's blog
[…] [Pokemon GO] Pokemon GO Plus 重... by [Pokemon GO] 一週年回顧 – roga's blog
[…] 特別篇： [Pokemon GO] 歐洲限定版 Pokemo... by [Pokemon GO] 一週年回顧 – roga's blog
[…] [Pokemon GO] 遊玩回顧 (2016 八月份) [... by [Pokemon GO] 一週年回顧 – roga's blog
[…] MotoGP 因為沒有雷達幫忙，所以費盡千辛萬苦才抓到一隻... by [Pokèmon GO] 美洲限定版肯泰羅 GOTCHA – roga's blog
哈哈~ 網路上無斷轉載文章的太多了，感謝告知。... by roga