Home > Article > Web Front-end > How to prevent web pages from being nested in iframes?
As the title states, my website content has been iframed into my own website by someone else. Is there any way to prevent it from being nested?
There is a better way:
Add an X-Frame-Options in the response header
There are three values, most browsers support:
DENY: The browser refuses the current page to load any Frame page
SAMEORIGIN: The address of the frame page can only be a page under the same origin domain name
ALLOW-FROM origin: origin is allowed The page address loaded by the frame will not be displayed when it is included in an iframe by pages from different sources.
Writing scripts
if (window != window.top) { window.top.location.replace(window.location) // 这是直接代替外窗,你也可以干别的 }rrree
Sina Weibo does this
if (window != window.top) { window.top.location.replace(window.location) //加弹窗代码 干死他们 还赚钱 }
It can basically resist most iframe nesting.
Also take a look at how others use iframe nesting to carry out attacks, and you will know how to defend against it
The best js defense solution at present is:
if (top != self) { top.location = self.location; }
Add Filter script. The principle is to let src point to a blank address when it is detected that the current url link is not your own. Please google the specific code.
The above is the detailed content of How to prevent web pages from being nested in iframes?. For more information, please follow other related articles on the PHP Chinese website!