Home > php教程 > php手册 > body text

PHP、Nginx、Apache中禁止网页被iframe引用的方法

WBOY
Release: 2016-06-13 09:34:08
Original
840 people have browsed it

可以使用php或nginx等添加X-Frame-Options header来控制frame权限
X-Frame-Options有三个可选的值:

DENY:浏览器拒绝当前页面加载任何Frame页面
SAMEORIGIN:frame页面的地址只能为同源域名下的页面
ALLOW-FROM:允许frame加载的页面地址

PHP代码:

复制代码 代码如下:

header(‘X-Frame-Options:Deny');

Nginx配置:

复制代码 代码如下:

add_header X-Frame-Options SAMEORIGIN

可以加在locaion中

复制代码 代码如下:

location /
{
  add_header X-Frame-Options SAMEORIGIN
}

Apache配置:

复制代码 代码如下:


Header always append X-Frame-Options SAMEORIGIN


使用后不充许frame的页面会显示一个白板。

参考:

https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options?redirectlocale=en-US&redirectslug=The_X-FRAME-OPTIONS_response_header

Related labels:
source:php.cn
Statement of this Website
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Popular Recommendations
Popular Tutorials
More>
Latest Downloads
More>
Web Effects
Website Source Code
Website Materials
Front End Template