Hari K
Reputation: 1
Adding multiple domain/URL in Header set X-Frame-Options "ALLOW-FROM "
I want to add multiple domains/URL in Header set X-Frame-Options "ALLOW-FROM " (eg: Header set X-Frame-Options "ALLOW-FROM http://xyz, http://abc") in httpd.conf file . But I am unable to add 2 domains/URL as specified above. My requirement is the the X-Frame contents should be displayed only if the page is accessed from 2 different domains. So obviously I cannot give SAMEORGIN. Please specify any alternate solutions to add 2 domains/URL in X-Frame-Options.
Upvotes: 0
Views: 6422
Answers (1)
theBell
Reputation: 423
Add this to your apache configuration:
<IfModule mod_headers.c>
Header set Content-Security-Policy "frame-ancestors http://*.example.com/ 'self';"
# For IE 11 and below
Header set X-Frame-Options SAMEORIGIN
Header append X-Frame-Options "ALLOW-FROM http://example.com/" </IfModule>
Upvotes: 2
Related Questions
- X-Frame-Options to support different subdomain of same domain
- Apache X-Frame-Options Allow-From multiple domains
- X-Frame-Options on Apache
- X-Frame-Options Allow-From multiple domains
- Set x-frame-options to allow and disallow certain URLs to frame a page
- How to add "X-Frame-Options" header in .htaccess file to protect against 'ClickJacking' attacks
- Add multiple domains in x-frame-options on header with Laravel
- Respect X-Frame-Options with HTTP redirect
- How to "allow-from" more than one domain for "X-Frame-Options" in Rails 4 controller?
- Clickjacking protection using 'X-Frame-Options'?