Friday, September 21, 2018

X-Frame-Options

As an HTTP header, this attempts to restrict the use of the content in an iframe! I don't see how this magic could work. Maybe it only behaves itself in newer browsers that look for the header. DENY as an option here prevents the use of the page in an iframe outright, while SAMEORIGIN allows the same site to have iframes to itself, more or less. ALLOW-FROM lets one specify a list of URLs for acceptable "framers," so to speak.
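The header only works because the browser enforces it. The following is an added example, not code from this post, that models the check a browser runs before rendering a framed page. `mayRender`, its parameters, the `browser` flags and all URLs are constructed for illustration, and the model assumes a single origin after ALLOW-FROM.

```javascript
// Added example: a model of the check a browser runs before rendering a page
// inside a frame. mayRender(), its parameters and all URLs are constructed.
const originOf = (url) => new URL(url).origin; // scheme + host + port

// header:    X-Frame-Options value sent with the framed page (null if absent)
// pageUrl:   URL of the page that would be shown inside the frame
// ancestors: URLs of the documents framing it, innermost first
// browser:   honoursHeader = the client looks for the header at all;
//            allowFrom     = the client implements the ALLOW-FROM directive
function mayRender(header, pageUrl, ancestors,
                   browser = { honoursHeader: true, allowFrom: false }) {
  // The server only sends the header; a client that ignores it frames anyway.
  if (!browser.honoursHeader || header == null) return true;
  const [directive, arg] = header.trim().split(/\s+/);
  const page = originOf(pageUrl);
  switch (directive.toUpperCase()) {
    case "DENY":
      return false; // never rendered inside any frame
    case "SAMEORIGIN":
      // Every framing document must share the framed page's origin.
      return ancestors.every((a) => originOf(a) === page);
    case "ALLOW-FROM":
      // A client without ALLOW-FROM support discards the header: no protection.
      if (!browser.allowFrom || !arg) return true;
      // Assumption: one origin follows the directive and it is compared
      // against every framing document, as for SAMEORIGIN.
      return ancestors.every((a) => originOf(a) === originOf(arg));
    default:
      return true; // an unrecognised value is ignored
  }
}
```

A client that does not implement ALLOW-FROM treats the header as absent, so a page relying on that directive alone is unprotected in that client.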
