Mohamed Khamis

Reputation: 8029

How do I counter iframe security problems?

I heard there are many security issues that could arise when you use iframes. I already handle XSS; what else should I do to make sure no problems happen?

I came across some JS code where you use top.window, but my concern is that any client-side code is not reliable. Is there anything else I can do from the server side? (I am currently using PHP, but it would be awesome if the solution is generic.)

UPDATE: To make things clearer, I am actually using an iframe; it's just because I don't want the headers, menus, etc. to be refreshed every time. So I am trying to find a way to use an iframe without falling into security problems.

Upvotes: 0

Views: 182

Answers (1)

Ramesh

Reputation: 13266

You could set the X-FRAME-OPTIONS header to deny. This will let browsers know that if the resource is loaded via an iframe, they should not display it.

You can read more about this and about configuring the server to send this header at MDN. Also, in PHP you can use

header("X-FRAME-OPTIONS: DENY");

Upvotes: 1
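
An added example, not part of the answer above: a server-side helper that generalizes the one-line header() call to three cases, including the question's case of a site that loads its own pages in an iframe, where DENY would also block that frame and SAMEORIGIN (with the matching Content-Security-Policy frame-ancestors 'self') is the value that fits. The helper names and the 'allowlist' policy are assumptions made for illustration.

```php
<?php
// Added example, not code from the answer above. framing_headers() and
// send_framing_headers() are hypothetical helper names.

function framing_headers(string $policy, array $origins = []): array
{
    switch ($policy) {
        case 'deny':        // page must never be rendered inside a frame
            return ['X-Frame-Options' => 'DENY',
                    'Content-Security-Policy' => "frame-ancestors 'none'"];
        case 'sameorigin':  // page is framed only by this site's own pages
            return ['X-Frame-Options' => 'SAMEORIGIN',
                    'Content-Security-Policy' => "frame-ancestors 'self'"];
        case 'allowlist':   // page may also be framed by named partner origins
            $sources = ["'self'"];
            foreach ($origins as $origin) {
                $p = parse_url($origin);
                // Accept only a bare https origin: scheme, host, optional port.
                // The strict host pattern keeps spaces and ';' out of the policy.
                if (!is_array($p) || array_diff(array_keys($p), ['scheme', 'host', 'port'])
                    || ($p['scheme'] ?? '') !== 'https'
                    || !preg_match('/\A[a-z0-9.-]+\z/i', $p['host'] ?? '')) {
                    throw new InvalidArgumentException('Not an https origin');
                }
                $sources[] = 'https://' . $p['host'] . (isset($p['port']) ? ':' . $p['port'] : '');
            }
            // X-Frame-Options has no way to list several origins, so this
            // policy is expressed with the CSP header only.
            return ['Content-Security-Policy' => 'frame-ancestors ' . implode(' ', $sources)];
        default:
            throw new InvalidArgumentException("Unknown framing policy: $policy");
    }
}

function send_framing_headers(string $policy, array $origins = []): void
{
    foreach (framing_headers($policy, $origins) as $name => $value) {
        // Note: this replaces an earlier header of the same name.
        header("$name: $value");
    }
}

// Content pages that the site loads inside its own iframe:
send_framing_headers('sameorigin');
// Pages that are never framed would call send_framing_headers('deny');
```

If the application already sends a Content-Security-Policy header, add the frame-ancestors directive to that policy instead of letting this helper replace it.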
