How useful is the X-Frame-Options header to protect against malicious cropping?

Question

How useful is the X-Frame-Options header to protect against malicious cropping?

Adding X-Frame-Options DENYa response to the header helps protect against malicious cropping of the web page, and it is certainly better to use client-side JavaScript solutions as a solution.

But how useful is this? Is this supported by all (modern) browsers and can it be bypassed by hackers seeking to take over your site?

+5

security http-headers iframe

Catch22 01 Oct '10 at 11:09

source share

1 answer

bobince · Accepted Answer · 2010-10-01T11:38:06+0000

EricLaw page maintains a list of supported browsers.

; , . , , , - <script>, top.location ( --busting, . this ).

script X-Frame-Options, . X-Frame-Options " ", , , Google Images, .

, IE6-7 -. , X-Frame-Options <iframe security>. <base target="_top">, - ( , --), -iframe-overlay.

How useful is the X-Frame-Options header to protect against malicious cropping?

More articles: