Any config tricks to stop site from framing us?

Branden Visser mrvisser at gmail.com
Tue Dec 3 21:49:42 UTC 2013


On Tue, Dec 3, 2013 at 4:46 PM, Ian Evans <ianevans at digitalhit.com> wrote:
> On 2013-12-03 16:32, Branden Visser wrote:
>>
>> If they're using an iframe rather than a proxy then IP tricks won't help.
>>
>> Using the X-FRAME-OPTIONS header is probably your best bet [1]
>>
>> Hope that helps,
>> Branden
>>
>> [1]
>>
>>
>> http://stackoverflow.com/questions/2896623/how-to-prevent-my-site-page-to-be-loaded-via-3rd-party-site-frame-of-iframe
>
>
> Thanks. Just did a cursory look, but does the header allow some sites to
> frame? e.g. letting stumbleupon do it but not others?
>

No I don't believe that's the case. If the browser supports it, it
*should* stop anyone from iframing, but you're under the mercy of the
browser implementation AFAIK -- so maybe Google's Chrome has some big
money deals with service providers like stumbleupon, for example (pure
speculation). There are other options listed in there such as
JavaScript tricks to verify the "self" frame is the same as the
"parent" frame. So you can also have a secondary check like that.

>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx



More information about the nginx mailing list