WordPress Developer Resources

send_frame_options_header()

Sends a HTTP header to limit rendering of pages to same origin iframes.

Description

See also

Source

function send_frame_options_header() {
	if ( ! headers_sent() ) {
		header( 'X-Frame-Options: SAMEORIGIN' );
		header( "Content-Security-Policy: frame-ancestors 'self';" );
	}
}

View all references View on Trac View on GitHub

Changelog

Version	Description
3.1.3	Introduced.

User Contributed Notes

Skip to note 2 content

esquire900 6 years ago

You must log in to vote on the helpfulness of this noteVote results for this note: 0You must log in to vote on the helpfulness of this note

For those who would like to change this behavior, try using .htaccess instead of modifying this function directly, i.e.

Header always unset X-Frame-Options

Log in to add feedback

You must log in before being able to contribute a note or feedback.