The following X-Frame-Options values can be used:

X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
X-Frame-Options: ALLOW-FROM

In our case, X-Frame-Options: ALLOW-FROM will work, but this option is not compatible with all browsers.

So the other way is Content-Security-Policy:

# Allow specific origins to embed this content
Content-Security-Policy: frame-ancestors
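
As an added example (not from the original post), here is one way to build the frame-ancestors allowlist in Python and reject entries that are not plain origins. The function names, the sample origins in the comments and the fail-closed X-Frame-Options fallback are assumptions.

```python
import re
from urllib.parse import urlsplit

# Hostname characters only: blocks spaces, ';' and ',' that could smuggle
# extra directives into the header (IPv6 literals are not handled here).
_HOST_RE = re.compile(r"^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$")


def normalize_origin(value):
    """Return 'scheme://host[:port]' or raise ValueError for anything else."""
    parts = urlsplit(value.strip())
    host = parts.hostname or ""
    if parts.scheme not in ("http", "https") or not _HOST_RE.match(host):
        raise ValueError(f"not a plain http(s) origin: {value!r}")
    # A path, query, fragment or userinfo means this is a URL, not an origin.
    if parts.path not in ("", "/") or parts.query or parts.fragment or parts.username:
        raise ValueError(f"origin must be scheme://host[:port] only: {value!r}")
    port = parts.port  # raises ValueError on a non-numeric or out-of-range port
    return f"{parts.scheme}://{host}" + (f":{port}" if port else "")


def framing_headers(allowed_origins, include_self=True):
    """Build the response headers that control who may frame this content."""
    sources = ["'self'"] if include_self else []
    # dict.fromkeys de-duplicates while keeping the configured order.
    sources += dict.fromkeys(normalize_origin(o) for o in allowed_origins)
    if not sources:
        sources = ["'none'"]
    return [
        ("Content-Security-Policy", "frame-ancestors " + " ".join(sources)),
        # ALLOW-FROM takes a single origin and is not supported by all
        # browsers, so the fallback is the closest value that fails closed.
        # Browsers that enforce frame-ancestors ignore X-Frame-Options.
        ("X-Frame-Options", "SAMEORIGIN" if include_self else "DENY"),
    ]


if __name__ == "__main__":
    # Constructed sample allowlist for illustration.
    for name, value in framing_headers(
        ["https://partner.example", "https://portal.example:8443"]
    ):
        print(f"{name}: {value}")
```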

Another useful link for implementing “Content-Security-Policy” is below:
