Securing an iFrame
There are security concerns to consider when embedding content into your web pages using <iframe> elements. The following security mechanisms are best practices to consider in order to make your <iframe> elements more secure.
Configure Content Security Policy (CSP) directives
CSP provides a set of HTTP headers to your web pages that improve the security of your HTML document. For securing <iframe>s, you’ll want to ensure your site has an appropriate X-Frame-Options header configured. Configuring the X-Frame-Options header adds security by preventing other sites from embedding your content into their web page.
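As an added example (not part of the original article), the JavaScript below audits a response's headers for a working framing restriction. It checks X-Frame-Options and also the CSP frame-ancestors directive, which is the CSP counterpart of that header; the function names and the sample headers are constructed for illustration.

```javascript
// Added example: audit a response's anti-framing headers (names lower-cased,
// as Node.js and fetch expose them). Sample responses below are constructed.
function parseFrameAncestors(csp) {
  // CSP is a ';'-separated directive list; return frame-ancestors sources or null.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function auditFraming(headers) {
  const findings = [];
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  const ancestors = parseFrameAncestors(headers["content-security-policy"]);

  const xfoOk = xfo === "DENY" || xfo === "SAMEORIGIN";
  if (xfo.startsWith("ALLOW-FROM")) {
    findings.push("X-Frame-Options ALLOW-FROM is obsolete and ignored by current browsers");
  } else if (xfo !== "" && !xfoOk) {
    findings.push("unrecognized X-Frame-Options value: " + xfo);
  }

  let cspOk = false;
  if (ancestors !== null) {
    // An empty source list matches nothing, i.e. it behaves like 'none'.
    const wide = ancestors.filter((s) => /^(\*|https?:(\/\/\*)?)$/i.test(s));
    if (wide.length > 0) findings.push("frame-ancestors allows any site: " + wide.join(" "));
    else cspOk = true;
  }

  // Browsers that support frame-ancestors ignore X-Frame-Options when both are sent.
  const isProtected = ancestors !== null ? cspOk : xfoOk;
  if (!isProtected) findings.push("no effective framing restriction");
  return { protected: isProtected, findings };
}

const samples = {
  legacyOnly: { "x-frame-options": "SAMEORIGIN" },
  both: { "x-frame-options": "DENY", "content-security-policy": "default-src 'self'; frame-ancestors 'self'" },
  obsolete: { "x-frame-options": "ALLOW-FROM https://partner.example" },
  overridden: { "x-frame-options": "DENY", "content-security-policy": "frame-ancestors *" },
};
for (const [name, headers] of Object.entries(samples)) {
  console.log(name, JSON.stringify(auditFraming(headers)));
}
```

The last sample shows why both headers need to agree: a permissive frame-ancestors list takes precedence over a strict X-Frame-Options value in browsers that support CSP.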
Use HTTPS
Whenever possible, serve your websites using HTTPS. Enabling HTTPS on your site prevents embedded content from accessing the content in your parent document and vice versa.
Resources:
For more details on any of the security concerns or practices listed above visit the following resource: