Languages
Wiki
All Wiki Articles Create Wiki Article
adminitration
apache2
iframe
http
headers
[Edit]
EN

apache2 - do not let to display website embedded in iframe

2 contributors
7 contributions
0 discussions
8 points
Created by:
Palus-Bear
1016

In this short article, we would like to show you simple apache2 configuration that do not let to display your website embedded in frame, iframe, embed and object elements on ther webpages.

Blocked iframe with X-Frame-Options: SAMEORIGIN header.
Blocked iframe with X-Frame-Options: SAMEORIGIN header.

Hint: check if mod_headers is enabled in your apache2 server or:

1. execute in command line a2enmod headers command to enable mod_headers,

2. and later reastart apache2 server.

 

Solutions

The below solutions present example VirtualServer configurations.

1. Permanent block

Using this configuration we will be not able to built-in website in all iframe elements.

<VirtualHost *:443>

    ServerName my-domain.com

    <IfModule mod_headers.c>
        Header set X-Frame-Options: DENY
    </IfModule>

</VirtualHost>

2. The same origin allowed

Using this configuration we will be able to built-in website in onwn iframe element, but only if origin for both websites will be the same.

<VirtualHost *:443>

    ServerName my-domain.com

    <IfModule mod_headers.c>
        Header set X-Frame-Options: SAMEORIGIN
    </IfModule>

</VirtualHost>

 

See also

  1. HTTP - do not let to embed website in iframe 

Alternative titles

  1. apache2 - prevent website from being placed in iframe
Donate to Dirask
Our content is created by volunteers - like Wikipedia. If you think, the things we do are good, donate us. Thanks!
Direct link
Join to our subscribers to be up to date with content, news and offers.
Native Advertising
🚀
Get your tech brand or product in front of software developers.
For more information Contact us
Dirask - we help you to
solve coding problems.
Ask question.

❤️💻 🙂

Join