[The X-Frame-Options HTTP header field indicates a policy that specifies whether the browser should render the transmitted resource within a `<frame>` or an `<iframe>`. Servers can declare this policy in the header of their HTTP responses to prevent clickjacking attacks, which ensures that their content is not embedded into other pages or frames.](https://datatracker.ietf.org/doc/html/rfc7034#section-2 "Read documentation for HTTP Header Field 'X-Frame-Options'") (**[RFC 7034: HTTP Header Field X-Frame-Options](/specs/IETF/RFC/7034 "To improve the protection of web applications against clickjacking, this document describes the X-Frame-Options HTTP header field, which declares a policy, communicated from the server to the client browser, regarding whether the browser may display the transmitted content in frames that are part of other web pages.")**)


