{"id":1972,"date":"2025-05-21T08:35:17","date_gmt":"2025-05-21T06:35:17","guid":{"rendered":"https:\/\/www.dimension-internet.com\/x-frame-options-protect-your-site-against-clickjacking\/"},"modified":"2025-07-02T14:32:15","modified_gmt":"2025-07-02T12:32:15","slug":"x-frame-options-protect-your-site-against-clickjacking","status":"publish","type":"post","link":"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/","title":{"rendered":"X-Frame-Options: Protect your Site against Clickjacking"},"content":{"rendered":"\n<p>The HTTP header <span style=\"background-color: #e0e0e0;\">X-Frame-Options<\/span> prevents your content from being loaded in an unauthorized <span style=\"background-color: #e0e0e0;\">&lt;frame&gt;<\/span> or <span style=\"background-color: #e0e0e0;\">&lt;iframe&gt;<\/span>, thereby neutralizing clickjacking attempts.<\/p>\n<h2>What is the X-Frame-Options Header?<\/h2>\n<p>It&#8217;s an HTTP response header that tells the browser whether a page can be displayed in a frame. Its presence triggers a check of the parent domain before content rendering. 
<\/p>\n<h2>Why Implement X-Frame-Options?<\/h2>\n<ul>\n<li>Prevents clickjacking by blocking content embedding in an external frame.<\/li>\n<li>Preserves user trust by preventing malicious redirects via frames.<\/li>\n<li>Simplifies compliance with web security standards without impacting performance.<\/li>\n<\/ul>\n<h2>X-Frame-Options Values<\/h2>\n<ul>\n<li><strong>DENY<\/strong>: Prohibits any embedding of the page in a frame, regardless of origin.<\/li>\n<li><strong>SAMEORIGIN<\/strong>: Allows framing only from the same domain.<\/li>\n<li><strong>ALLOW-FROM <span style=\"background-color: #e0e0e0;\">&lt;uri&gt;<\/span><\/strong>: Permits a specified origin (deprecated and poorly supported).<\/li>\n<\/ul>\n<p>The ALLOW-FROM directive is obsolete; for finer control, prefer <span style=\"background-color: #e0e0e0;\">frame-ancestors<\/span> in a Content Security Policy.<\/p>\n<h2>Deployment Steps<\/h2>\n<ol>\n<li>Audit your needs and identify pages requiring legitimate framing.<\/li>\n<li>Choose the appropriate directive (DENY or SAMEORIGIN).<\/li>\n<li>Apply the header in <em>report-only<\/em> mode to collect potential errors without blocking users.<\/li>\n<li>Validate that there is no impact on legitimate use cases.<\/li>\n<li>Deploy the header in production and monitor error feedback in HTTP logs.<\/li>\n<li>If external framing is necessary, supplement with the frame-ancestors directive of the CSP.<\/li>\n<\/ol>\n<h2>Configuration Examples<\/h2>\n<h3>Nginx<\/h3>\n<pre>server {\n    listen 443 ssl;\n    server_name exemple.com www.exemple.com;\n\n    add_header X-Frame-Options \"DENY\" always;\n\n    # Other SSL directives\u2026\n}<\/pre>\n<h3>Apache (.htaccess)<\/h3>\n<pre>&lt;IfModule mod_headers.c&gt;\n    Header always set X-Frame-Options \"SAMEORIGIN\"\n&lt;\/IfModule&gt;<\/pre>\n<h3>WordPress (functions.php)<\/h3>\n<pre>add_action('send_headers', function(){\n    header('X-Frame-Options: DENY');\n});<\/pre>\n<h2>Our X-Frame-Options Implementation Services<\/h2>\n<p>At 
<strong>Dimension Internet<\/strong>, we provide:<\/p>\n<ul>\n<li>auditing your architecture and framing needs,<\/li>\n<li>defining a tailored X-Frame-Options strategy,<\/li>\n<li>integrating the header into your server (Apache, Nginx, CDN),<\/li>\n<li>testing and validation in a pre-production environment,<\/li>\n<li>continuous monitoring and maintenance of your framing policy.<\/li>\n<\/ul>\n<h2>Conclusion<\/h2>\n<p>The X-Frame-Options header provides a simple and robust defense against clickjacking, strengthens user trust, and contributes to compliance with web security standards. Dimension Internet supports you from initial audit to operational monitoring for seamless deployment. By combining X-Frame-Options and the frame-ancestors directive of the CSP, you benefit from optimal protection against framing attacks and ensure your site&#8217;s reputation and security.  <\/p>\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Discover how the HTTP X-Frame-Options header prevents clickjacking attacks, its directives (DENY, SAMEORIGIN, ALLOW-FROM), and how Dimension Internet assists you with its implementation.<\/p>\n","protected":false},"author":1,"featured_media":1779,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[41,38],"tags":[],"class_list":["post-1972","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-development","category-security"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.3 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>X-Frame-Options: Protect your Site against Clickjacking - Dimension Internet<\/title>\n<meta name=\"description\" content=\"Discover how the HTTP X-Frame-Options header prevents clickjacking attacks, its directives (DENY, SAMEORIGIN, ALLOW-FROM), and how Dimension Internet assists you with its implementation.\" \/>\n<meta name=\"robots\" content=\"index, 
follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"X-Frame-Options: Protect your Site against Clickjacking - Dimension Internet\" \/>\n<meta property=\"og:description\" content=\"Discover how the HTTP X-Frame-Options header prevents clickjacking attacks, its directives (DENY, SAMEORIGIN, ALLOW-FROM), and how Dimension Internet assists you with its implementation.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/\" \/>\n<meta property=\"og:site_name\" content=\"Dimension Internet\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/dimensioninternet\/\" \/>\n<meta property=\"article:published_time\" content=\"2025-05-21T06:35:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-07-02T12:32:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.dimension-internet.com\/wp-content\/uploads\/2025\/05\/920ae93c-680e-497c-9f88-21d8fc9d3473-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"2368\" \/>\n\t<meta property=\"og:image:height\" content=\"1792\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Sven CAILTEUX\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sven CAILTEUX\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/x-frame-options-protect-your-site-against-clickjacking\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/x-frame-options-protect-your-site-against-clickjacking\\\/\"},\"author\":{\"name\":\"Sven CAILTEUX\",\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/#\\\/schema\\\/person\\\/7486d6af116e6486d140e27c9e04f7a7\"},\"headline\":\"X-Frame-Options: Protect your Site against Clickjacking\",\"datePublished\":\"2025-05-21T06:35:17+00:00\",\"dateModified\":\"2025-07-02T12:32:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/x-frame-options-protect-your-site-against-clickjacking\\\/\"},\"wordCount\":323,\"commentCount\":0,\"image\":{\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/x-frame-options-protect-your-site-against-clickjacking\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dimension-internet.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/920ae93c-680e-497c-9f88-21d8fc9d3473-2.jpg\",\"articleSection\":[\"Development\",\"Security\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/x-frame-options-protect-your-site-against-clickjacking\\\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/x-frame-options-protect-your-site-against-clickjacking\\\/\",\"url\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/x-frame-options-protect-your-site-against-clickjacking\\\/\",\"name\":\"X-Frame-Options: Protect your Site against Clickjacking - Dimension 
Internet\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/x-frame-options-protect-your-site-against-clickjacking\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/x-frame-options-protect-your-site-against-clickjacking\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.dimension-internet.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/920ae93c-680e-497c-9f88-21d8fc9d3473-2.jpg\",\"datePublished\":\"2025-05-21T06:35:17+00:00\",\"dateModified\":\"2025-07-02T12:32:15+00:00\",\"author\":{\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/#\\\/schema\\\/person\\\/7486d6af116e6486d140e27c9e04f7a7\"},\"description\":\"Discover how the HTTP X-Frame-Options header prevents clickjacking attacks, its directives (DENY, SAMEORIGIN, ALLOW-FROM), and how Dimension Internet assists you with its implementation.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/x-frame-options-protect-your-site-against-clickjacking\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/x-frame-options-protect-your-site-against-clickjacking\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/x-frame-options-protect-your-site-against-clickjacking\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.dimension-internet.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/920ae93c-680e-497c-9f88-21d8fc9d3473-2.jpg\",\"contentUrl\":\"https:\\\/\\\/www.dimension-internet.com\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/920ae93c-680e-497c-9f88-21d8fc9d3473-2.jpg\",\"width\":2368,\"height\":1792},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/x-frame-options-protect-your-site-against-clickjacking\\\/#breadcrumb\",\"i
temListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Accueil\",\"item\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"X-Frame-Options: Protect your Site against Clickjacking\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/\",\"name\":\"Dimension Internet\",\"description\":\"Graphic Arts Professional and Internet-related technologies\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.dimension-internet.com\\\/en\\\/#\\\/schema\\\/person\\\/7486d6af116e6486d140e27c9e04f7a7\",\"name\":\"Sven CAILTEUX\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"X-Frame-Options: Protect your Site against Clickjacking - Dimension Internet","description":"Discover how the HTTP X-Frame-Options header prevents clickjacking attacks, its directives (DENY, SAMEORIGIN, ALLOW-FROM), and how Dimension Internet assists you with its implementation.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/","og_locale":"en_US","og_type":"article","og_title":"X-Frame-Options: Protect your Site against Clickjacking - Dimension Internet","og_description":"Discover how the HTTP X-Frame-Options header prevents clickjacking attacks, its directives (DENY, SAMEORIGIN, ALLOW-FROM), and how Dimension Internet assists you with its implementation.","og_url":"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/","og_site_name":"Dimension Internet","article_publisher":"https:\/\/www.facebook.com\/dimensioninternet\/","article_published_time":"2025-05-21T06:35:17+00:00","article_modified_time":"2025-07-02T12:32:15+00:00","og_image":[{"width":2368,"height":1792,"url":"https:\/\/www.dimension-internet.com\/wp-content\/uploads\/2025\/05\/920ae93c-680e-497c-9f88-21d8fc9d3473-2.jpg","type":"image\/jpeg"}],"author":"Sven CAILTEUX","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sven CAILTEUX","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/#article","isPartOf":{"@id":"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/"},"author":{"name":"Sven CAILTEUX","@id":"https:\/\/www.dimension-internet.com\/en\/#\/schema\/person\/7486d6af116e6486d140e27c9e04f7a7"},"headline":"X-Frame-Options: Protect your Site against Clickjacking","datePublished":"2025-05-21T06:35:17+00:00","dateModified":"2025-07-02T12:32:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/"},"wordCount":323,"commentCount":0,"image":{"@id":"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dimension-internet.com\/wp-content\/uploads\/2025\/05\/920ae93c-680e-497c-9f88-21d8fc9d3473-2.jpg","articleSection":["Development","Security"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/","url":"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/","name":"X-Frame-Options: Protect your Site against Clickjacking - Dimension 
Internet","isPartOf":{"@id":"https:\/\/www.dimension-internet.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/#primaryimage"},"image":{"@id":"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/#primaryimage"},"thumbnailUrl":"https:\/\/www.dimension-internet.com\/wp-content\/uploads\/2025\/05\/920ae93c-680e-497c-9f88-21d8fc9d3473-2.jpg","datePublished":"2025-05-21T06:35:17+00:00","dateModified":"2025-07-02T12:32:15+00:00","author":{"@id":"https:\/\/www.dimension-internet.com\/en\/#\/schema\/person\/7486d6af116e6486d140e27c9e04f7a7"},"description":"Discover how the HTTP X-Frame-Options header prevents clickjacking attacks, its directives (DENY, SAMEORIGIN, ALLOW-FROM), and how Dimension Internet assists you with its implementation.","breadcrumb":{"@id":"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/#primaryimage","url":"https:\/\/www.dimension-internet.com\/wp-content\/uploads\/2025\/05\/920ae93c-680e-497c-9f88-21d8fc9d3473-2.jpg","contentUrl":"https:\/\/www.dimension-internet.com\/wp-content\/uploads\/2025\/05\/920ae93c-680e-497c-9f88-21d8fc9d3473-2.jpg","width":2368,"height":1792},{"@type":"BreadcrumbList","@id":"https:\/\/www.dimension-internet.com\/en\/x-frame-options-protect-your-site-against-clickjacking\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Accueil","item":"https:\/\/www.dimension-internet.com\/en\/"},{"@type":"ListItem","position":2,"name":"X-Frame-Options: Protect your Site against 
Clickjacking"}]},{"@type":"WebSite","@id":"https:\/\/www.dimension-internet.com\/en\/#website","url":"https:\/\/www.dimension-internet.com\/en\/","name":"Dimension Internet","description":"Graphic Arts Professional and Internet-related technologies","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.dimension-internet.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.dimension-internet.com\/en\/#\/schema\/person\/7486d6af116e6486d140e27c9e04f7a7","name":"Sven CAILTEUX"}]}},"_links":{"self":[{"href":"https:\/\/www.dimension-internet.com\/en\/wp-json\/wp\/v2\/posts\/1972","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.dimension-internet.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.dimension-internet.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.dimension-internet.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.dimension-internet.com\/en\/wp-json\/wp\/v2\/comments?post=1972"}],"version-history":[{"count":1,"href":"https:\/\/www.dimension-internet.com\/en\/wp-json\/wp\/v2\/posts\/1972\/revisions"}],"predecessor-version":[{"id":1973,"href":"https:\/\/www.dimension-internet.com\/en\/wp-json\/wp\/v2\/posts\/1972\/revisions\/1973"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.dimension-internet.com\/en\/wp-json\/wp\/v2\/media\/1779"}],"wp:attachment":[{"href":"https:\/\/www.dimension-internet.com\/en\/wp-json\/wp\/v2\/media?parent=1972"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.dimension-internet.com\/en\/wp-json\/wp\/v2\/categories?post=1972"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.dimension-internet.com\/en\/wp-json\/wp\/v2\/tags?post=1972"}],"curies":[{"name":"wp
","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}