![Iframe website](https://loka.nahovitsyn.com/233.jpg)
![iframe website iframe website](https://techvccloud.mediacdn.vn/zoom/650_406/2020/10/2/iframe-1-1601628786277238642913-crop-16016303895811196986943.jpg)
However, you should follow several best practices to use iframes appropriately in web apps, to reduce the overall risk of including an external site in your web app.

You can increase the protection of a website that is not meant to be loaded in an iframe by implementing a framekiller. Framekillers are implemented in JavaScript that checks whether the current window is the main window; you can use the following snippet, written in JS, as a simple framekiller in the webpage you want to block in iframes.

As you have seen, adding an iframe is straightforward. You can read more about this technique here.

If you really asked yourself that (without reading this paragraph), then you are asking a great question: X-Frame-Options is indeed related to the Clickjacking attack. Clickjacking, or click hijacking, is a malicious technique of tricking Internet users into revealing confidential information, or of taking control of their computer, when they click on seemingly innocent websites.

You will still be able to embed your own page within an iframe in your own domain. The sameorigin value means that the page cannot be displayed in a frame from any domain other than yours. The deny value means that the page cannot be displayed in a frame at all, regardless of the site that tries to do it (that includes yours). The following tag will prevent access from a website regardless of the request.
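The framekiller check described above, as an added example (not code from the original page): it hides the document while framed, so the content stays hidden where the browser blocks the top-level navigation, for instance in a sandboxed iframe. The function name `frameKiller` and its `win` parameter are assumptions, chosen so the logic can also be exercised outside a browser.

```javascript
// Added example: framekiller for a page that must not render inside a frame.
// `frameKiller` and its `win` parameter are illustrative names (assumptions);
// in a page, pass the real `window` object.
function frameKiller(win) {
  const root = win.document.documentElement;

  // Main window: the page was loaded directly, so show it as usual.
  if (win.self === win.top) {
    root.style.visibility = 'visible';
    return 'top-level';
  }

  // Framed: hide the content first. If the embedding page prevents the
  // navigation below, the framed copy still shows nothing to click on.
  root.style.visibility = 'hidden';

  try {
    // Ask the outermost window to load this page directly.
    win.top.location = win.self.location.href;
    // The navigation was requested; a browser may still block it silently,
    // in which case the content simply stays hidden.
    return 'busted';
  } catch (err) {
    // The browser refused the navigation (e.g. a sandboxed iframe without
    // allow-top-navigation). Stay hidden.
    return 'hidden';
  }
}

// Run immediately when loaded in a browser; skipped under Node.
if (typeof window !== 'undefined') {
  frameKiller(window);
}
```

Load the script as early as possible in the page so the check runs before the content is painted.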
![iframe website iframe website](https://www.synopsys.com/blogs/software-security/wp-content/uploads/2020/07/protect-your-website-from-embedded-content-iframe-security-8.jpg)
![iframe website iframe website](https://kb.helpline.w3.uvm.edu/wp-content/uploads/2020/11/iFrameExample-1536x1244.png)
Error : Refused to display '' in a frame because it set 'X-Frame-Options' to 'SAMEORIGIN'.