网站防盗链-防止被嵌入iframe
其他的网站可能会使用iframe来进行盗链,我们可以设置属性
Configuring Apache
To configure Apache to send the X-Frame-Options header for all pages, add this to your site's configuration:
Header always append X-Frame-Options SAMEORIGIN
Configuring nginx
To configure nginx to send the X-Frame-Options header, add this either to your http, server or location configuration:
add_header X-Frame-Options SAMEORIGIN;
Configuring IIS
To configure IIS to send the X-Frame-Options header, add this your site's Web.config file:
<system.webServer> ... <httpProtocol> <customHeaders> <add name="X-Frame-Options" value="SAMEORIGIN" /> </customHeaders> </httpProtocol> ... </system.webServer>
Configuring HAProxy
To configure HAProxy to send the X-Frame-Options header, add this to your frontend, listen, or backend configuration:
rspadd X-Frame-Options:\ SAMEORIGIN
Results
When an attempt is made to load content into a frame, and permission is denied by the X-Frame-Options header, Firefox currently renders about:blank into the frame. At some point, an error message of some kind will be displayed in the frame instead.