Setting up the “X-Frame-Options” header
This guide details the "X-Frame-Options" header, which can be used to protect against, among other things, clickjacking attacks. Note that the "X-Frame-Options" header may not be supported by all web browsers. It is advisable to combine it with other methods to enhance the security of your website.
Possible Values for the Header
The "X-Frame-Options" header can be set to prevent a website from being loaded in a frame or iframe. There are three possible values for this header:
- "DENY": the website cannot be loaded in a frame or iframe
- "SAMEORIGIN": the website can be loaded in a frame or iframe only by a page that has the same origin as the website
- "ALLOW-FROM uri": the website can be loaded in a frame or iframe only from the specified URI
In an Apache .htaccess file (requires mod_headers):
Header set X-Frame-Options "DENY"
In a PHP script, before any output is sent:
header('X-Frame-Options: DENY');
Replace "DENY" with the desired value for this header.
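To check what a server actually sends once the header is configured, the following Python audit is an added example and not part of the original guide. It goes beyond the three values above by also reading the Content-Security-Policy "frame-ancestors" directive, one of the other methods the header can be combined with. The function names and sample responses are constructed for illustration.

```python
# Added example: audit a response's anti-framing headers (names are hypothetical).

def frame_ancestors(csp_value):
    """Return the frame-ancestors source list of one CSP header value, or None."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def audit_framing(headers):
    """headers: list of (name, value) pairs. Returns (verdict, notes)."""
    xfo, policies, notes = [], [], []
    for name, value in headers:
        key = name.strip().lower()
        if key == "x-frame-options":
            # Repeated headers are often merged into one comma-separated value.
            xfo += [v.strip().upper() for v in value.split(",") if v.strip()]
        elif key == "content-security-policy":
            sources = frame_ancestors(value)
            if sources is not None:
                policies.append(sources)
    xfo_ok = False
    if not xfo:
        notes.append("X-Frame-Options missing")
    elif len(set(xfo)) > 1:
        notes.append("conflicting X-Frame-Options values")
    elif xfo[0] in ("DENY", "SAMEORIGIN"):
        xfo_ok = True
    elif xfo[0].startswith("ALLOW-FROM"):
        notes.append("ALLOW-FROM is obsolete; current browsers ignore it")
    else:
        notes.append("unrecognised X-Frame-Options value: " + xfo[0])
    # A frame-ancestors list containing a bare * lets any site embed the page.
    csp_ok = any("*" not in sources for sources in policies)
    if not policies:
        notes.append("no CSP frame-ancestors directive")
    elif not csp_ok:
        notes.append("frame-ancestors allows any origin")
    # Browsers that enforce frame-ancestors ignore X-Frame-Options when both are sent.
    verdict = "ok" if (csp_ok if policies else xfo_ok) else "review"
    return verdict, notes

# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "deny": [("X-Frame-Options", "DENY")],
    "legacy": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "typo": [("x-frame-options", "SAME-ORIGIN")],
    "csp": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
}
```

Calling audit_framing(SAMPLES["typo"]) returns a "review" verdict, which catches the common case of a misspelled value that browsers silently ignore.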