how to block FRAME src from other websites to our website

Question

I've a question about FRAMESET, My website perfectly load on another domains if they use following code.

<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<META http-equiv="Cache-Control" content="no-cache">
</HEAD>
<FRAMESET>
<FRAME src="https://www.mywebsite.com" noresize>
<NOFRAMES>
    Your browser does not support frames.
</NOFRAMES>
</FRAMESET>
</HTML>


But this above code doesn't work for other websites. because they already blocked it.

Here is my qeustion:

How can I block this method of FRAMESET that other websites won't be able to load my website into their websites?

As something I know, we can use JavaScript method like window.top.location.href to redirect other domains to our website if they use FRAMESET, but what's the best solution for this method? Not redirect method, something better way, I highly appreciate your help and advice on this issue. Thanks in advance

Possible duplicate of [How to prevent my site page from being loaded into other website iframe?](http://stackoverflow.com/questions/18800271/how-to-prevent-my-site-page-from-being-loaded-into-other-website-iframe) — Alexander O'Mara, Jul 24 '16 at 16:21
Possible duplicate of : http://stackoverflow.com/questions/19843085/how-to-block-website-from-loading-in-iframe and/or http://stackoverflow.com/questions/18800271/how-to-prevent-my-site-page-from-being-loaded-into-other-website-iframe — JonSG, Jul 24 '16 at 16:25
For your information, I used but it doesn't work, still I can load my website in another domain, and I'm not looking for JavaScript method. so IT'S NOT duplicate question. don't mark it as duplicate — Alexandr rechiardson, Jul 24 '16 at 16:29
you tagged the question as a javascript question, that's why it seems like a duplicate. Personally, I'd use `mod_rewrite` in an `.htaccess` file, but that's heavily dependent upon your server setup, hosting, etc. — Toby, Jul 24 '16 at 17:02

score 1 · Accepted Answer · answered Jul 24 '16 at 18:47

As you can read here

Meta-tags that attempt to apply the X-Frame-Options directive DO NOT WORK. For example, ) will not work. You must apply the X-FRAME-OPTIONS directive as HTTP Response Header as described above.

In my expierence with PHP it's working when I use for example something like this

<?php
header('X-Frame-Options: SAMEORIGIN');

instead of using a meta tag like

<meta http-equiv="X-Frame-Options" content="SAMEORIGIN">

So you have to add your X-Frame-Options to header instead of meta tag in HTML head section.

Thanks for your awesome answer. this was exactly what I was looking for. now it's working like charm. Thanks — Alexandr rechiardson, Jul 24 '16 at 20:12

how to block FRAME src from other websites to our website

1 Answers1