X-Frame-Options (against clickjacking, RFC 7034, 2013-10)


Mozilla definition

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe> or <object>.

Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.

Django solution



This defaults to SAMEORIGIN.

To set DENY:
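
The header only protects if responses actually carry it, so the following added example (not from the original page or from Django) checks the X-Frame-Options values of a response against the RFC 7034 values. The function name `audit_xfo` and the sample headers are hypothetical.

```python
# Added example, not from the original page or from Django.
# Django picks the value from its X_FRAME_OPTIONS setting (for example
# X_FRAME_OPTIONS = "DENY"), applied by
# django.middleware.clickjacking.XFrameOptionsMiddleware.
# audit_xfo and the sample headers below are hypothetical.


def audit_xfo(headers, expected="DENY"):
    """Classify the X-Frame-Options policy in (name, value) response headers.

    Returns (status, detail) with status in:
    ok, missing, conflict, obsolete, invalid, mismatch.
    """
    values = []
    for name, value in headers:
        if name.strip().lower() == "x-frame-options":
            # Repeated headers may arrive folded into one comma-separated line.
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    if not values:
        return "missing", "no X-Frame-Options value in the response"
    if len(set(values)) > 1:
        return "conflict", "several different values: " + ", ".join(sorted(set(values)))
    value = values[0]
    if value.split()[0] == "ALLOW-FROM":
        return "obsolete", "ALLOW-FROM is not honoured by current browsers"
    if value not in ("DENY", "SAMEORIGIN"):
        return "invalid", "not an RFC 7034 value: " + value
    if value != expected.upper():
        return "mismatch", "got " + value + ", expected " + expected.upper()
    return "ok", value


if __name__ == "__main__":
    # Constructed responses, as a test client or proxy log might report them.
    samples = {
        "deny": [("Content-Type", "text/html"), ("X-Frame-Options", "DENY")],
        "default": [("X-Frame-Options", "sameorigin")],
        "none": [("Content-Type", "text/html")],
        "duplicate": [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
        "typo": [("X-Frame-Options", "SAME-ORIGIN")],
    }
    for label, hdrs in samples.items():
        print(label, audit_xfo(hdrs))
```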