Hari K
Hari K

Reputation: 1

Adding multiple domain/URL in Header set X-Frame-Options "ALLOW-FROM "

I want to add multiple domains/URL in Header set X-Frame-Options "ALLOW-FROM " (eg: Header set X-Frame-Options "ALLOW-FROM http://xyz, http://abc") in httpd.conf file . But I am unable to add 2 domains/URL as specified above. My requirement is the the X-Frame contents should be displayed only if the page is accessed from 2 different domains. So obviously I cannot give SAMEORGIN. Please specify any alternate solutions to add 2 domains/URL in X-Frame-Options.

Upvotes: 0

Views: 6422

Answers (1)

theBell
theBell

Reputation: 423

Add this to your apache configuration:

<IfModule mod_headers.c>

    Header set Content-Security-Policy "frame-ancestors http://*.example.com/ 'self';"

    # For IE 11 and below
    Header set X-Frame-Options SAMEORIGIN
    Header append X-Frame-Options "ALLOW-FROM http://example.com/" </IfModule>

Upvotes: 2

Related Questions