X-Frame-Options-Vulnerability/EN/Background: Difference between revisions
(One intermediate revision by the same user not shown)
Zeile 1: | Zeile 1: | ||
− | This header entry determines whether a browser is allowed to render a page in a ''frame'' or ''iframe''. This can prevent so-called clickjacking attacks by making sure that the website is not embedded in another website. The following options are available: | + | This [[Header/EN|header]] entry determines whether a browser is allowed to render a page in a ''frame'' or ''iframe''. This can prevent so-called clickjacking attacks by making sure that the website is not embedded in another website. The following options are available: |
− | '''DENY:''' The page is not rendered if it is being loaded in a ''frame'' or ''iframe''. | + | <poem> |
− | '''SAMEORIGIN:''' The page is only rendered if the ''frame'' or ''iframe'' is located in the same domain. | + | '''DENY:''' The page is not rendered if it is being loaded in a ''frame'' or ''iframe''. |
+ | '''SAMEORIGIN:''' The page is only rendered if the ''frame'' or ''iframe'' is located in the same domain. | ||
'''ALLOW-FROM DOMAIN:''' The page is not rendered if the domain is different from the domain specified here. | '''ALLOW-FROM DOMAIN:''' The page is not rendered if the domain is different from the domain specified here. | ||
+ | </poem> |
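Review bot: The SAMEORIGIN entry moved into the `<poem>` block still says the frame must be "located in the same domain", although the option itself is named for the origin; since this revision touches the line anyway, consider wording it as "in the same origin" and saying what that covers. The three entries are also phrased unevenly ("is not rendered if" for DENY and ALLOW-FROM, "is only rendered if" for SAMEORIGIN), so a single phrasing across them would make the list easier to scan.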
Latest revision as of 17 April 2019, 12:42
This header entry determines whether a browser is allowed to render a page in a frame or iframe. This can prevent so-called clickjacking attacks by making sure that the website is not embedded in another website. The following options are available:
DENY: The page is not rendered if it is being loaded in a frame or iframe.
SAMEORIGIN: The page is only rendered if the frame or iframe is located in the same domain.
ALLOW-FROM DOMAIN: The page is not rendered if the domain is different from the domain specified here.
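The three options above written out as a decision function, for checking what a given header value means for a given embedding page. This is an added example, not part of the original wiki page. The names `origin` and `framing_decision` and the `example.test` URLs are constructed for illustration. It assumes that "same domain" is compared as scheme, host and port, and that a missing or unrecognised value leaves framing unrestricted.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port) for a URL, filling in the default port."""
    parts = urlsplit(url.strip())
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return (scheme, host, parts.port or DEFAULT_PORTS.get(scheme))


def framing_decision(xfo_value, page_url, embedder_url):
    """Decide whether page_url may be rendered in a frame on embedder_url.

    xfo_value is the raw X-Frame-Options value, or None if the header is absent.
    Returns (allowed, reason).
    """
    if xfo_value is None or not xfo_value.strip():
        return True, "no X-Frame-Options header: framing is not restricted"

    tokens = xfo_value.strip().split(None, 1)
    directive = tokens[0].upper()  # directive names are matched case-insensitively

    if directive == "DENY":
        return False, "DENY: the page is never rendered in a frame"

    if directive == "SAMEORIGIN":
        same = origin(page_url) == origin(embedder_url)
        return same, "SAMEORIGIN: embedder %s the page's origin" % (
            "matches" if same else "differs from")

    if directive == "ALLOW-FROM" and len(tokens) == 2:
        same = origin(tokens[1]) == origin(embedder_url)
        return same, "ALLOW-FROM: embedder %s the listed origin" % (
            "matches" if same else "differs from")

    # Assumption: a value that is none of the three options gives no protection.
    return True, "unrecognised value %r: treated as if no header were set" % xfo_value


if __name__ == "__main__":
    page = "https://shop.example.test/pay"  # constructed sample URLs
    for value in (None, "DENY", "SAMEORIGIN", "ALLOW-FROM https://partner.example.test"):
        for embedder in ("https://shop.example.test/cart", "https://partner.example.test/w"):
            print(value, embedder, framing_decision(value, page, embedder))
```
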