Home  >  Article  >  Web Front-end  >  How to prevent web pages from being nested in iframes?

How to prevent web pages from being nested in iframes?

黄舟
黄舟Original
2017-07-24 09:19:412698browse

As the title states, my website content has been iframed into my own website by someone else. Is there any way to prevent it from being nested?

There is a better way:

Add an X-Frame-Options in the response header

There are three values, most browsers support:

DENY: The browser refuses the current page to load any Frame page

SAMEORIGIN: The address of the frame page can only be a page under the same origin domain name

ALLOW-FROM origin: origin is allowed The page address loaded by the frame will not be displayed when it is included in an iframe by pages from different sources.

Writing scripts

if (window != window.top) 
{    
window.top.location.replace(window.location)    
// 这是直接代替外窗,你也可以干别的
}
rrree

Sina Weibo does this

if (window != window.top) 
{
window.top.location.replace(window.location)
//加弹窗代码 干死他们 还赚钱
}

It can basically resist most iframe nesting.

Also take a look at how others use iframe nesting to carry out attacks, and you will know how to defend against it

The best js defense solution at present is:

if (top != self) 
{    
top.location = self.location;
}

Add Filter script. The principle is to let src point to a blank address when it is detected that the current url link is not your own. Please google the specific code.

The above is the detailed content of How to prevent web pages from being nested in iframes?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn