X-Frame-Options

The X-Frame-Options HTTP header field protects pages against clickjacking attacks by allowing sites to opt-out of being embedded in cross-origin (or any) contexts.

Specification

Established standard

Status in Chromium

Enabled by default in:

  • Chrome for desktop release 4
  • Chrome for Android release 4
  • Chrome for iOS release 4
  • Android WebView release 4
  • Opera release 4
  • Opera for Android release 4

Consensus & Standardization

  • Shipped
  • Shipped
  • Shipped
  • Positive

Owner

Last updated on 2016-04-13