The following X-Frame-Options values are available:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options

X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-Frame-Options: ALLOW-FROM https://example.com/

In our case X-Frame-Options: ALLOW-FROM would work, but this option is not compatible with all browsers.

So the other way is the Content-Security-Policy header, using its frame-ancestors directive:

https://en.wikipedia.org/wiki/Clickjacking

# Allow specific origins to embed this content
Content-Security-Policy: frame-ancestors example.com wikipedia.org
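
An added example (not from the original post): a small Python helper that builds the frame-ancestors policy from a list of trusted embedding origins and adds DENY or SAMEORIGIN as the X-Frame-Options fallback where an equivalent exists. The function names, the requirement that each origin carry an explicit scheme, and the choice to send no X-Frame-Options for a cross-origin list are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Characters that could end the source expression, the directive or the header.
_UNSAFE = re.compile(r"[\s;,'\"]")
_HOST = re.compile(r"[a-z0-9]([a-z0-9.-]*[a-z0-9])?")


def normalize_origin(value):
    """Return scheme://host[:port] for a trusted embedder, or raise ValueError."""
    if _UNSAFE.search(value):
        raise ValueError(f"unsafe character in origin: {value!r}")
    parts = urlsplit(value)
    if parts.scheme not in ("http", "https"):
        raise ValueError(f"origin needs an http(s) scheme: {value!r}")
    host = parts.hostname or ""
    # Wildcards are rejected on purpose: this example only allows exact hosts.
    if "@" in parts.netloc or not _HOST.fullmatch(host):
        raise ValueError(f"invalid host in origin: {value!r}")
    if parts.path not in ("", "/") or parts.query or parts.fragment:
        raise ValueError(f"origin must not carry a path or query: {value!r}")
    origin = f"{parts.scheme}://{host}"
    if parts.port:  # .port raises ValueError itself when it is not numeric
        origin += f":{parts.port}"
    return origin


def framing_headers(allowed_origins=(), allow_same_origin=False):
    """Build the anti-clickjacking response headers for one resource."""
    sources = ["'self'"] if allow_same_origin else []
    # dict.fromkeys drops duplicates while keeping the configured order.
    sources += dict.fromkeys(normalize_origin(o) for o in allowed_origins)
    policy = "frame-ancestors " + (" ".join(sources) or "'none'")
    headers = {"Content-Security-Policy": policy}
    if not sources:
        headers["X-Frame-Options"] = "DENY"        # same meaning as 'none'
    elif sources == ["'self'"]:
        headers["X-Frame-Options"] = "SAMEORIGIN"  # same meaning as 'self'
    # A cross-origin list has no widely supported X-Frame-Options form
    # (ALLOW-FROM), so this example sends the CSP header alone in that case.
    return headers


if __name__ == "__main__":
    # Constructed sample configuration.
    for name, value in framing_headers(
        ["https://example.com/", "https://wikipedia.org"]
    ).items():
        print(f"{name}: {value}")
```
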


Other useful links for implementing “Content-Security-Policy”:

http://stackoverflow.com/questions/30280370/how-does-content-security-policy-work
https://content-security-policy.com/
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
