限制網頁被iframe亂嵌入引用
#Apache 設定
引自
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options?redirectlocale=en-US&redirectslug=The_X-FRAME-OPTIONS_response_header
Header always append X-Frame-Options SAMEORIGIN
#HTML META<meta http-equiv="X-Frame-Options" content="deny"> <meta http-equiv="X-Frame-Options" content="SAMEORIGIN"><meta http-equiv="X-Frame-Options" content="ALLOW-FROM https://myhost">
#Nginx 設定 location /{ add_header X-Frame-Options SAMEORIGIN} #IIS<system.webServer>
...
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="SAMEORIGIN" />
</customHeaders>
</httpProtocol>
...
</system.webServer> #HAProxyrspadd X-Frame-Options:\ SAMEORIGIN #PHP 方式header('X-Frame-Options:Deny');header('X-Frame-Options:SAMEORIGIN');header('X-Frame-Options:ALLOW-FROM https://myhost ') if($_server['http_host']!='localhost'){exit('iframe is spammed');} #jscript 方式 <script>if(top.location.href != self.location.href){top.location.href=self.location.href;}</script> 引自
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options?redirectlocale=en-US&redirectslug=The_X-FRAME-OPTIONS_response_header
