使用 X-Frame-Options 有三个可选的值:
DENY
:浏览器拒绝当前页面加载任何Frame页面
SAMEORIGIN
:frame页面的地址只能为同源域名下的页面
ALLOW-FROM
:origin为允许frame加载的页面地址
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="ALLOW-FROM" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
<?xml version="1.0" encoding="UTF-8"?><configuration><system.webServer><httpProtocol><customHeaders><add name="X-Frame-Options" value="DENY"</customHeaders></httpProtocol></system.webServer></configuration>