Prevent other sites from showing my site via iframe

WordPress has a built-in function to send the X-Frame-Options header: send_frame_options_header(). It is used by default on the login and admin pages.

If you want to enable it always, just add it for front end views:

add_action( 'template_redirect', 'send_frame_options_header' );

But … it doesn’t send Content-Security-Policy headers. If you want to have a more complete solution and disable any frame, even from the same site, you can use:

function no_frame_headers()
{
    header( "X-Frame-Options: DENY", true );
    header( "Content-Security-Policy: frame-ancestors 'none'", true );
}

And then register that callback:

add_action( 'login_init',        'no_frame_headers', 1000 );
add_action( 'admin_init',        'no_frame_headers', 1000 );
add_action( 'template_redirect', 'no_frame_headers', 1000 );

This has to go into a plugin, of course.

Related Posts:

  1. YouTube Autoplay not working
  2. iframe refuses to display
  3. Failed to load resource: net::ERR_INSECURE_RESPONSE
  4. Failed to load resource: net::ERR_BLOCKED_BY_RESPONSE
  5. How do I hide related videos at the end of a YouTube playlist embed code?
  6. Load denied by X-Frame-Options: does not permit framing
  7. Allow iframes from specific sites?
  8. Cannot add iframe in a blocktext
  9. How to get around iframes with WordPress?
  10. Iframe scrolls to middle of the page on load in Firefox [closed]
  11. iFrames when using custom shortcode, ACF and Elementor only renders alternate ones
  12. How to add data behind a login via iframe
  13. How to change src to data-src for iframe inside WP content?
  14. Iframe is not working for www.example.com/my-account
  15. iframe works for one C-Panel folder but not another
  16. Difference between document.referrer and window.parent.location.href
  17. How to align iframe always in the center
  18. Alternative to iFrames with HTML5
  19. iFrame onload JavaScript event
  20. Remove border from IFrame
  21. Blocked script execution in because the document’s frame is sandboxed – Angular application
  22. Inserting the iframe into react component
  23. Make iframe automatically adjust height according to the contents without using scrollbar?
  24. “Full screen” iframe
  25. How to disable auto-play for local video in iframe
  26. difference between iframe, embed and object elements
  27. Embedding instagram webpage inside an iframe
  28. Proper Format of iframe in PHP?
  29. Reload an iframe with jQuery
  30. What’s the best way to reload / refresh an iframe?
  31. Responsive iframe with max width and height
  32. Iframe’s overflow problem
  33. How to embed an autoplaying YouTube video in an iframe?
  34. html : iframe not showing content in html
  35. Adding iframe Content to Sidebar Widget
  36. WordPress Gutenberg Embed Blocks Are Not Responsive
  37. Make fonts.com font work in TinyMCE (iframe referrer issue)
  38. Embed iframe or html page into dashboard widget
  39. When switching from html to visual editor the tag gets corrupted
  40. Is there a hook to put stylesheet and/or JS inside iframes (thickbox or tinyMCE) in admin area
  41. Add post class to the TinyMCE iframe?
  42. How to add editor-style.css styling to wp_editor on front end for comments
  43. Load post content into iframe
  44. WP Cron doesn’t save or in post body
  45. Youtube – Embed as IFRAME
  46. Remove Header and Footer in iframe
  47. Embed WordPress Admin in an iframe
  48. Allow all attributes in $allowedposttags tags
  49. How do i disable/disallow and tags in TinyMCE?
  50. How to fix samesite attribute in wordpress for chrome errors?
  51. How to ensure the visual editor doesn’t ruin my iframe?
  52. Access tinymce from thickbox
  53. wp_insert_post iframe missing
  54. Check if page is embeded
  55. Embed Post in external page
  56. echo same menu items across multi-site platform
  57. Custom Login iframe doesn’t work
  58. Iframe a WordPress template
  59. get_the_category_list open in parent window
  60. How to Add Custom CSS to the Media Thickbox?
  61. Woocommerce: Can’t put items in cart in iframe and on iphone
  62. External content won’t load in iframe in Safari
  63. Side effects of Script and Iframe in post
  64. Iframe disappears when author updates page
  65. WordPress plugin admin html being shown in Customizer iframe
  66. Does get_the_content_feed strip invalid tags?
  67. Set 3 iframes in a row
  68. WordPress Template Part in iFrame
  69. WP.org acceptable iframe alternative
  70. My redirect URL doesn’t show any pages on my website [closed]
  71. Dynamic URL and pass the data to an iframe
  72. How to insert HTML/CSS/JS into my iframe plugin?
  73. Designing a plugin that uses an iFrame to process data in admin
  74. How do I include and iframe in a Custom Block?
  75. How do I use an iFrame for my header in WordPress twenty seventeen?
  76. Embed Latest Track (Dynamic Updating) SoundCloud
  77. Pass URL to iframe in WordPress Block
  78. A message to clients in the dashboard widget received from another site
  79. How can I use an iframe element as my header media?
  80. WP Refused to display ‘URL’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’
  81. Can’t Listen to KeyDown in TInyMCE Iframe (jQuery) and Pass it to Parent HTML FORM
  82. Disable automatic embed links
  83. How to use wp_filter_oembed_result?
  84. Load oEmbed iframe within ajax call
  85. How to completely prevent WordPress from destroying/modifying my shortcode outputs?
  86. WordPress Mediaelement – Youtube Videos Embed Options
  87. Is it possible to embedd this web app to my website [duplicate]
  88. Experts opinions needed: How (in)secure is this approach?
  89. Post preview in iframe without saving the post
  90. Issue with iframe in TinyMCE
  91. Export to WXR for pages containing script and iframe tags
  92. iframe not being displayed in a widget
  93. Allow iframe in custom meta box
  94. IFrame Shortcode plugin – issue
  95. iframe not showing on frontend when using a CMB2 field
  96. How can I create iframe/embeddable content from my WordPress site?
  97. A way to upload old html pages with all its assets via WordPress admin and to add a fixed menu on top of those (a la Wayback Machine)
  98. What purpose does /embed/ URL have and how to avoid SEO problems?
  99. How To Add CSP frame ancestors in WordPress Website? [closed]
  100. How do I modify each instance of setcookie?