
How to block FRAME src from other websites to our website


I have a question about FRAMESET. My website loads perfectly on other domains if they use the following code.

<HTML>
<HEAD>
<META http-equiv="Content-Type" content="text/html; charset=UTF-8">
<META http-equiv="Cache-Control" content="no-cache">
</HEAD>
<FRAMESET>
<FRAME src="https://www.mywebsite.com" noresize>
<NOFRAMES>
    Your browser does not support frames.
</NOFRAMES>
</FRAMESET>
</HTML>


But the above code doesn't work for other websites, because they have already blocked it.

Here is my question:

How can I block this FRAMESET method so that other websites won't be able to load my website into their websites?

As far as I know, we can use a JavaScript method like window.top.location.href to redirect other domains to our website if they use FRAMESET, but what's the best solution for this? Not the redirect method, but something better. I would highly appreciate your help and advice on this issue. Thanks in advance.


Solution

  • As you can read here

    Meta-tags that attempt to apply the X-Frame-Options directive DO NOT WORK. For example, ) will not work. You must apply the X-FRAME-OPTIONS directive as HTTP Response Header as described above.

    In my experience with PHP, it works when I use, for example, something like this

    <?php
    header('X-Frame-Options: SAMEORIGIN');
    

    instead of using a meta tag like

    <meta http-equiv="X-Frame-Options" content="SAMEORIGIN">
    

    So you have to add your X-Frame-Options as a header instead of as a meta tag in the HTML head section.
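
As an added example (not part of the original answer), this JavaScript audits a response for the protection described above and flags the meta-tag mistake. It goes beyond the answer by also checking the CSP `frame-ancestors` directive, the standardised successor to X-Frame-Options; the function names and sample values are hypothetical.

```javascript
// Added example (not from the original answer). Header names are lower-cased,
// as Node's http module delivers them; all sample values are constructed.

// Headers a server would send to allow framing only by its own origin.
function antiFramingHeaders() {
  return {
    'x-frame-options': 'SAMEORIGIN',
    'content-security-policy': "frame-ancestors 'self'",
  };
}

// Report whether a response is protected against framing by other sites.
function auditFraming(headers, html = '') {
  const findings = [];
  let headerProtection = false;

  // Only DENY and SAMEORIGIN are honoured by current browsers.
  const xfo = (headers['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY' || xfo === 'SAMEORIGIN') {
    headerProtection = true;
    findings.push(`X-Frame-Options header: ${xfo}`);
  } else if (xfo) {
    findings.push(`X-Frame-Options value ${xfo} is not DENY or SAMEORIGIN`);
  }

  // Locate the frame-ancestors directive inside the CSP header, if any.
  const directive = (headers['content-security-policy'] || '')
    .split(';').map(d => d.trim().split(/\s+/))
    .find(parts => parts[0].toLowerCase() === 'frame-ancestors');
  if (directive) {
    const sources = directive.slice(1);
    // "*" or a bare scheme such as "https:" lets arbitrary sites frame the page.
    if (sources.some(s => s === '*' || /^[a-z][a-z0-9+.-]*:$/i.test(s))) {
      findings.push('frame-ancestors is too broad: ' + sources.join(' '));
    } else {
      headerProtection = true;
      findings.push('CSP frame-ancestors: ' + (sources.join(' ') || "'none'"));
    }
  }

  // A <meta http-equiv="X-Frame-Options"> tag in the body is ignored.
  if (/<meta[^>]+http-equiv\s*=\s*["']?x-frame-options/i.test(html)) {
    findings.push('X-Frame-Options <meta> tag found: browsers ignore it');
  }
  return { headerProtection, findings };
}
```

Calling `auditFraming({}, '<meta http-equiv="X-Frame-Options" content="SAMEORIGIN">')` reports no header protection plus the meta-tag finding, which is the situation the answer warns about.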