How X-Frame-Options Works

X-Frame-Options provides three directive values that control framing behavior:

DENY: Prevents the page from being displayed in any frame, regardless of origin.

X-Frame-Options: DENY

SAMEORIGIN: Allows framing only by pages from the same origin.

X-Frame-Options: SAMEORIGIN

ALLOW-FROM uri: Permits framing only by the specified origin (deprecated in modern browsers).

X-Frame-Options: ALLOW-FROM https://trusted-site.com
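
A defender can check which of the three directives a response actually sends. The following is an added example, not code from the original page: classify_xfo and audit_response are hypothetical helper names, the sample headers are constructed, and treating ALLOW-FROM as weak rests on the deprecation noted above.

```python
"""Audit the X-Frame-Options values found in an HTTP response."""


def classify_xfo(value):
    """Return (directive, verdict) for one X-Frame-Options header value."""
    parts = value.strip().split(None, 1)
    if not parts:
        return ("", "invalid: empty value")
    directive = parts[0].upper()  # directive names are matched case-insensitively
    arg = parts[1].strip() if len(parts) > 1 else ""
    if directive in ("DENY", "SAMEORIGIN"):
        if arg:
            return (directive, "invalid: unexpected argument")
        if directive == "DENY":
            return (directive, "ok: no framing from any origin")
        return (directive, "ok: framing by same origin only")
    if directive == "ALLOW-FROM":
        if not arg:
            return (directive, "invalid: missing uri")
        # Deprecated: do not count this as framing protection.
        return (directive, "weak: deprecated directive for " + arg)
    return (directive, "invalid: unknown directive")


def audit_response(headers):
    """headers is a list of (name, value) pairs; returns a list of findings."""
    values = [v for n, v in headers if n.lower() == "x-frame-options"]
    if not values:
        return ["missing: no X-Frame-Options header"]
    results = [classify_xfo(v) for v in values]
    findings = [verdict for _, verdict in results]
    if len({directive for directive, _ in results}) > 1:
        findings.append("conflict: multiple different directives sent")
    return findings


# Constructed sample responses (not captured traffic).
SAMPLES = {
    "deny": [("X-Frame-Options", "DENY")],
    "legacy": [("X-Frame-Options", "ALLOW-FROM https://trusted-site.com")],
    "conflicting": [("X-Frame-Options", "DENY"), ("x-frame-options", "sameorigin")],
    "none": [("Content-Type", "text/html")],
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, audit_response(hdrs))
```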