This recipe helps you control whether your website can be embedded in a third-party page via an "iframe". By configuring the X-Frame-Options HTTP response header, you can forbid this practice to protect yourself against attacks like "clickjacking".

Why is this important?

  • Protection against clickjacking: This is the main benefit. By forbidding the embedding of your pages, you prevent an attacker from overlaying invisible elements on top of your site to trick a user into clicking malicious links without their knowledge.
  • Control over your content: You decide where and how your pages can be displayed. This guarantees the integrity of your user experience and your brand image.
  • Respect for best practices: Using this security header is a recommended standard practice for all websites. This reinforces your visitors' trust.

The two restriction modes

You can choose between two restriction policies:

  • deny: Forbids all iframe embedding. Your page cannot be displayed in an iframe anywhere.
  • sameorigin: Allows embedding only if the parent page has the same origin (same scheme, domain name and port) as your page.
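
The two modes as a browser applies them, modelled in an added Python example (not redirection.io's code) that can serve as a check on the header values your pages return. The function names, URLs and header values are constructed for illustration; the model looks only at X-Frame-Options and follows the header check in the HTML Standard.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
MODES = {"deny", "sameorigin"}  # the two modes described on this page

def origin(url):
    """(scheme, host, port): the tuple compared for 'same origin'."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    port = parts.port or DEFAULT_PORTS.get(scheme)
    return (scheme, (parts.hostname or "").lower(), port)

def framing_allowed(xfo_values, page_url, ancestor_urls):
    """Return (allowed, reason) for page_url framed under ancestor_urls.

    xfo_values: X-Frame-Options values as received, one per header line.
    ancestor_urls: URLs of every embedding page, from parent up to the top.
    """
    tokens = {t.strip().lower() for v in xfo_values for t in v.split(",")}
    if not tokens:
        return True, "header missing: any page may frame this one"
    if len(tokens) > 1:
        if tokens & MODES:
            return False, "conflicting values: framing is blocked"
        return True, "no recognised value: header is ignored"
    value = next(iter(tokens))
    if value == "deny":
        return False, "deny: never rendered in a frame"
    if value == "sameorigin":
        for ancestor in ancestor_urls:
            if origin(ancestor) != origin(page_url):
                return False, f"sameorigin: {ancestor} is another origin"
        return True, "sameorigin: all ancestors share the page's origin"
    return True, f"unrecognised value {value!r}: header is ignored"

# Constructed sample data (hypothetical URLs and header values).
PAGE = "https://www.example.com/account"
SAMPLES = [
    (["SAMEORIGIN"], ["https://www.example.com/dashboard"]),
    (["SAMEORIGIN"], ["http://www.example.com/dashboard"]),   # scheme differs
    (["SAMEORIGIN"], ["https://shop.example.com/"]),          # host differs
    (["DENY"], ["https://www.example.com/dashboard"]),
    (["DENY", "SAMEORIGIN"], ["https://www.example.com/"]),   # sent twice
    ([], ["https://other.example/"]),                         # rule not live
]

if __name__ == "__main__":
    for values, ancestors in SAMPLES:
        print(values, ancestors, framing_allowed(values, PAGE, ancestors))
```

A value that is neither of the two modes is ignored, which leaves the page frameable, so a typo in the header value silently removes the protection.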

To learn more

We offer several other recipes to improve the security of your website. Feel free to take a look!

How to install this recipe on my website with redirection.io?

Installing this recipe on your website requires the following steps:

  1. Choose the restriction mode: Select the mode that suits your site.
    • deny: Forbids all embedding of your pages in an iframe, including on your own site. This is the strictest option.
    • sameorigin: Allows embedding only on pages of your own site (same origin).
  2. Install the recipe: Once you have made your choice, click the install button. A rule configuring the X-Frame-Options header will be created for you in "draft" mode.
  3. Review the rule: Examine the generated rule to ensure it meets your expectations. For example, you can modify the conditions that trigger its execution.
  4. Publish the rule: Once the rule is published, your pages will be protected against unauthorized iframe embedding a few moments later.

Discover our recipes to improve your website's quality in one click

redirection.io's recipes are a powerful feature designed to simplify the implementation of front-end quality best practices for your websites. Think of them as a curated "app store" for your site, offering a variety of pre-configured solutions that can be installed with a single click.
