.htaccess - How to Block Iframe call

Question

Recently my complete site is called in iframe by two other domains. I would like to block other sites, who are trying to show my site in iframe.

How can i block that through .htaccess?

Answer 1

You can set the variable in the header X-Frame-Options: Deny.

All modern browsers support the X-Frame-Options header.

The Facebook uses this header to disable iframe/framesets (also Javascript).

If you have enabled the mod_headers in apache:

.htaccess

Header set X-Frame-Options DENY

But, you can enable iframes come from the same origin.

Header always append X-Frame-Options SAMEORIGIN

Or in Nginx:

add_header X-Frame-Options Deny; #or SAMEORIGIN

Browser compatibility: Source

• Internet Explorer: 8.0
• Firefox (Gecko): 3.6.9 (1.9.2.9)
• Opera: 10.50
• Safari: 4.0
• Chrome: 4.1.249.1042