The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a , </code>, <code><embed></code> or <code><object></code>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.</p> </div> <p>The added security is provided only if the user accessing the document is using a browser that supports <code>X-Frame-Options</code>.</p> </div> </section> <section class="tsd-panel tsd-hierarchy"> <h3>Hierarchy</h3> <ul class="tsd-hierarchy"> <li> <span class="target">XFrameHandler</span> </li> </ul> </section> <section class="tsd-panel"> <h3>Implements</h3> <ul class="tsd-hierarchy"> <li><span class="tsd-signature-type">any</span></li> <li><a href="../interfaces/securitypolicyhandler.html" class="tsd-signature-type">SecurityPolicyHandler</a></li> </ul> </section> <section class="tsd-panel-group tsd-index-group"> <h2>Index</h2> <section class="tsd-panel tsd-index-panel"> <div class="tsd-index-content"> <section class="tsd-index-section "> <h3>Properties</h3> <ul class="tsd-index-list"> <li class="tsd-kind-property tsd-parent-kind-class tsd-is-static"><a href="xframehandler.html#deny" class="tsd-kind-icon">DENY</a></li> <li class="tsd-kind-property tsd-parent-kind-class tsd-is-static"><a href="xframehandler.html#sameorigin" class="tsd-kind-icon">SAMEORIGIN</a></li> </ul> </section> <section class="tsd-index-section "> <h3>Methods</h3> <ul class="tsd-index-list"> <li class="tsd-kind-method tsd-parent-kind-class"><a href="xframehandler.html#handle" class="tsd-kind-icon">handle</a></li> <li class="tsd-kind-method tsd-parent-kind-class tsd-is-static"><a href="xframehandler.html#create" class="tsd-kind-icon">create</a></li> </ul> </section> </div> </section> </section> <section class="tsd-panel-group tsd-member-group "> <h2>Properties</h2> <section class="tsd-panel tsd-member tsd-kind-property tsd-parent-kind-class tsd-is-static"> <a name="deny" class="tsd-anchor"></a> <h3><span class="tsd-flag ts-flagStatic">Static</span> <span class="tsd-flag ts-flagReadonly">Readonly</span> DENY</h3> <div class="tsd-signature tsd-kind-icon">DENY<span class="tsd-signature-symbol">:</span> <span class="tsd-signature-type">string</span></div> <aside class="tsd-sources"> <ul> <li>Defined in io.vertx/vertx-web/target/npm/index.d.ts:3289</li> </ul> </aside> <div class="tsd-comment tsd-typography"> <div class="lead"> <p>The page cannot be displayed in a frame, regardless of the site attempting to do so.</p> </div> </div> </section> <section class="tsd-panel tsd-member tsd-kind-property tsd-parent-kind-class tsd-is-static"> <a name="sameorigin" class="tsd-anchor"></a> <h3><span class="tsd-flag ts-flagStatic">Static</span> <span class="tsd-flag ts-flagReadonly">Readonly</span> SAMEORIGIN</h3> <div class="tsd-signature tsd-kind-icon">SAMEORIGIN<span class="tsd-signature-symbol">:</span> <span class="tsd-signature-type">string</span></div> <aside class="tsd-sources"> <ul> <li>Defined in io.vertx/vertx-web/target/npm/index.d.ts:3296</li> </ul> </aside> <div class="tsd-comment tsd-typography"> <div class="lead"> <p>The page can only be displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin.</p> </div> </div> </section> </section> <section class="tsd-panel-group tsd-member-group "> <h2>Methods</h2> <section class="tsd-panel tsd-member tsd-kind-method tsd-parent-kind-class"> <a name="handle" class="tsd-anchor"></a> <h3>handle</h3> <ul class="tsd-signatures tsd-kind-method tsd-parent-kind-class"> <li class="tsd-signature tsd-kind-icon">handle<span class="tsd-signature-symbol">(</span>arg0<span class="tsd-signature-symbol">: </span><a href="routingcontext.html" class="tsd-signature-type">RoutingContext</a><span class="tsd-signature-symbol">)</span><span class="tsd-signature-symbol">: </span><span class="tsd-signature-type">void</span></li> </ul> <ul class="tsd-descriptions"> <li class="tsd-description"> <aside class="tsd-sources"> <p>Implementation of <a href="../interfaces/securitypolicyhandler.html">SecurityPolicyHandler</a>.<a href="../interfaces/securitypolicyhandler.html#handle">handle</a></p> <ul> <li>Defined in io.vertx/vertx-web/target/npm/index.d.ts:3298</li> </ul> </aside> <h4 class="tsd-parameters-title">Parameters</h4> <ul class="tsd-parameters"> <li> <h5>arg0: <a href="routingcontext.html" class="tsd-signature-type">RoutingContext</a></h5> </li> </ul> <h4 class="tsd-returns-title">Returns <span class="tsd-signature-type">void</span></h4> </li> </ul> </section> <section class="tsd-panel tsd-member tsd-kind-method tsd-parent-kind-class tsd-is-static"> <a name="create" class="tsd-anchor"></a> <h3><span class="tsd-flag ts-flagStatic">Static</span> create</h3> <ul class="tsd-signatures tsd-kind-method tsd-parent-kind-class tsd-is-static"> <li class="tsd-signature tsd-kind-icon">create<span class="tsd-signature-symbol">(</span>action<span class="tsd-signature-symbol">: </span><span class="tsd-signature-type">string</span><span class="tsd-signature-symbol">)</span><span class="tsd-signature-symbol">: </span><a href="xframehandler.html" class="tsd-signature-type">XFrameHandler</a></li> </ul> <ul class="tsd-descriptions"> <li class="tsd-description"> <aside class="tsd-sources"> <ul> <li>Defined in io.vertx/vertx-web/target/npm/index.d.ts:3303</li> </ul> </aside> <div class="tsd-comment tsd-typography"> <div class="lead"> <p>Creates a new handler that will add the <code>X-FRAME-OPTIONS</code> header to the current response.</p> </div> </div> <h4 class="tsd-parameters-title">Parameters</h4> <ul class="tsd-parameters"> <li> <h5>action: <span class="tsd-signature-type">string</span></h5> </li> </ul> <h4 class="tsd-returns-title">Returns <a href="xframehandler.html" class="tsd-signature-type">XFrameHandler</a></h4> </li> </ul> </section> </section> </div> <div class="col-4 col-menu menu-sticky-wrap menu-highlight"> <nav class="tsd-navigation primary"> <ul> <li class="globals "> <a href="../globals.html"><em>Globals</em></a> </li> </ul> </nav> <nav class="tsd-navigation secondary menu-sticky"> <ul class="before-current"> </ul> <ul class="current"> <li class="current tsd-kind-class"> <a href="xframehandler.html" class="tsd-kind-icon">XFrame<wbr>Handler</a> <ul> <li class=" tsd-kind-property tsd-parent-kind-class tsd-is-static"> <a href="xframehandler.html#deny" class="tsd-kind-icon">DENY</a> </li> <li class=" tsd-kind-property tsd-parent-kind-class tsd-is-static"> <a href="xframehandler.html#sameorigin" class="tsd-kind-icon">SAMEORIGIN</a> </li> <li class=" tsd-kind-method tsd-parent-kind-class"> <a href="xframehandler.html#handle" class="tsd-kind-icon">handle</a> </li> <li class=" tsd-kind-method tsd-parent-kind-class tsd-is-static"> <a href="xframehandler.html#create" class="tsd-kind-icon">create</a> </li> </ul> </li> </ul> <ul class="after-current"> </ul> </nav> </div> </div> </div> <footer class="with-border-bottom"> <div class="container"> <h2>Legend</h2> <div class="tsd-legend-group"> <ul class="tsd-legend"> <li class="tsd-kind-constructor tsd-parent-kind-class"><span class="tsd-kind-icon">Constructor</span></li> <li class="tsd-kind-method tsd-parent-kind-class"><span class="tsd-kind-icon">Method</span></li> </ul> <ul class="tsd-legend"> <li class="tsd-kind-property tsd-parent-kind-class tsd-is-static"><span class="tsd-kind-icon">Static property</span></li> <li class="tsd-kind-method tsd-parent-kind-class tsd-is-static"><span class="tsd-kind-icon">Static method</span></li> </ul> <ul class="tsd-legend"> <li class="tsd-kind-method tsd-parent-kind-interface"><span class="tsd-kind-icon">Method</span></li> </ul> <ul class="tsd-legend"> <li class="tsd-kind-method tsd-parent-kind-class tsd-is-inherited"><span class="tsd-kind-icon">Inherited method</span></li> </ul> </div> </div> </footer> <div class="container tsd-generator"> <p>Generated using <a href="https://typedoc.org/" target="_blank">TypeDoc</a></p> </div> <div class="overlay"></div> <script src="../assets/js/main.js"></script> </body> </html>
</code>, <code><embed></code> or <code><object></code>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.</p> </div> <p>The added security is provided only if the user accessing the document is using a browser that supports <code>X-Frame-Options</code>.</p> </div> </section> <section class="tsd-panel tsd-hierarchy"> <h3>Hierarchy</h3> <ul class="tsd-hierarchy"> <li> <span class="target">XFrameHandler</span> </li> </ul> </section> <section class="tsd-panel"> <h3>Implements</h3> <ul class="tsd-hierarchy"> <li><span class="tsd-signature-type">any</span></li> <li><a href="../interfaces/securitypolicyhandler.html" class="tsd-signature-type">SecurityPolicyHandler</a></li> </ul> </section> <section class="tsd-panel-group tsd-index-group"> <h2>Index</h2> <section class="tsd-panel tsd-index-panel"> <div class="tsd-index-content"> <section class="tsd-index-section "> <h3>Properties</h3> <ul class="tsd-index-list"> <li class="tsd-kind-property tsd-parent-kind-class tsd-is-static"><a href="xframehandler.html#deny" class="tsd-kind-icon">DENY</a></li> <li class="tsd-kind-property tsd-parent-kind-class tsd-is-static"><a href="xframehandler.html#sameorigin" class="tsd-kind-icon">SAMEORIGIN</a></li> </ul> </section> <section class="tsd-index-section "> <h3>Methods</h3> <ul class="tsd-index-list"> <li class="tsd-kind-method tsd-parent-kind-class"><a href="xframehandler.html#handle" class="tsd-kind-icon">handle</a></li> <li class="tsd-kind-method tsd-parent-kind-class tsd-is-static"><a href="xframehandler.html#create" class="tsd-kind-icon">create</a></li> </ul> </section> </div> </section> </section> <section class="tsd-panel-group tsd-member-group "> <h2>Properties</h2> <section class="tsd-panel tsd-member tsd-kind-property tsd-parent-kind-class tsd-is-static"> <a name="deny" class="tsd-anchor"></a> <h3><span class="tsd-flag ts-flagStatic">Static</span> <span class="tsd-flag ts-flagReadonly">Readonly</span> DENY</h3> <div class="tsd-signature tsd-kind-icon">DENY<span class="tsd-signature-symbol">:</span> <span class="tsd-signature-type">string</span></div> <aside class="tsd-sources"> <ul> <li>Defined in io.vertx/vertx-web/target/npm/index.d.ts:3289</li> </ul> </aside> <div class="tsd-comment tsd-typography"> <div class="lead"> <p>The page cannot be displayed in a frame, regardless of the site attempting to do so.</p> </div> </div> </section> <section class="tsd-panel tsd-member tsd-kind-property tsd-parent-kind-class tsd-is-static"> <a name="sameorigin" class="tsd-anchor"></a> <h3><span class="tsd-flag ts-flagStatic">Static</span> <span class="tsd-flag ts-flagReadonly">Readonly</span> SAMEORIGIN</h3> <div class="tsd-signature tsd-kind-icon">SAMEORIGIN<span class="tsd-signature-symbol">:</span> <span class="tsd-signature-type">string</span></div> <aside class="tsd-sources"> <ul> <li>Defined in io.vertx/vertx-web/target/npm/index.d.ts:3296</li> </ul> </aside> <div class="tsd-comment tsd-typography"> <div class="lead"> <p>The page can only be displayed in a frame on the same origin as the page itself. The spec leaves it up to browser vendors to decide whether this option applies to the top level, the parent, or the whole chain, although it is argued that the option is not very useful unless all ancestors are also in the same origin.</p> </div> </div> </section> </section> <section class="tsd-panel-group tsd-member-group "> <h2>Methods</h2> <section class="tsd-panel tsd-member tsd-kind-method tsd-parent-kind-class"> <a name="handle" class="tsd-anchor"></a> <h3>handle</h3> <ul class="tsd-signatures tsd-kind-method tsd-parent-kind-class"> <li class="tsd-signature tsd-kind-icon">handle<span class="tsd-signature-symbol">(</span>arg0<span class="tsd-signature-symbol">: </span><a href="routingcontext.html" class="tsd-signature-type">RoutingContext</a><span class="tsd-signature-symbol">)</span><span class="tsd-signature-symbol">: </span><span class="tsd-signature-type">void</span></li> </ul> <ul class="tsd-descriptions"> <li class="tsd-description"> <aside class="tsd-sources"> <p>Implementation of <a href="../interfaces/securitypolicyhandler.html">SecurityPolicyHandler</a>.<a href="../interfaces/securitypolicyhandler.html#handle">handle</a></p> <ul> <li>Defined in io.vertx/vertx-web/target/npm/index.d.ts:3298</li> </ul> </aside> <h4 class="tsd-parameters-title">Parameters</h4> <ul class="tsd-parameters"> <li> <h5>arg0: <a href="routingcontext.html" class="tsd-signature-type">RoutingContext</a></h5> </li> </ul> <h4 class="tsd-returns-title">Returns <span class="tsd-signature-type">void</span></h4> </li> </ul> </section> <section class="tsd-panel tsd-member tsd-kind-method tsd-parent-kind-class tsd-is-static"> <a name="create" class="tsd-anchor"></a> <h3><span class="tsd-flag ts-flagStatic">Static</span> create</h3> <ul class="tsd-signatures tsd-kind-method tsd-parent-kind-class tsd-is-static"> <li class="tsd-signature tsd-kind-icon">create<span class="tsd-signature-symbol">(</span>action<span class="tsd-signature-symbol">: </span><span class="tsd-signature-type">string</span><span class="tsd-signature-symbol">)</span><span class="tsd-signature-symbol">: </span><a href="xframehandler.html" class="tsd-signature-type">XFrameHandler</a></li> </ul> <ul class="tsd-descriptions"> <li class="tsd-description"> <aside class="tsd-sources"> <ul> <li>Defined in io.vertx/vertx-web/target/npm/index.d.ts:3303</li> </ul> </aside> <div class="tsd-comment tsd-typography"> <div class="lead"> <p>Creates a new handler that will add the <code>X-FRAME-OPTIONS</code> header to the current response.</p> </div> </div> <h4 class="tsd-parameters-title">Parameters</h4> <ul class="tsd-parameters"> <li> <h5>action: <span class="tsd-signature-type">string</span></h5> </li> </ul> <h4 class="tsd-returns-title">Returns <a href="xframehandler.html" class="tsd-signature-type">XFrameHandler</a></h4> </li> </ul> </section> </section> </div> <div class="col-4 col-menu menu-sticky-wrap menu-highlight"> <nav class="tsd-navigation primary"> <ul> <li class="globals "> <a href="../globals.html"><em>Globals</em></a> </li> </ul> </nav> <nav class="tsd-navigation secondary menu-sticky"> <ul class="before-current"> </ul> <ul class="current"> <li class="current tsd-kind-class"> <a href="xframehandler.html" class="tsd-kind-icon">XFrame<wbr>Handler</a> <ul> <li class=" tsd-kind-property tsd-parent-kind-class tsd-is-static"> <a href="xframehandler.html#deny" class="tsd-kind-icon">DENY</a> </li> <li class=" tsd-kind-property tsd-parent-kind-class tsd-is-static"> <a href="xframehandler.html#sameorigin" class="tsd-kind-icon">SAMEORIGIN</a> </li> <li class=" tsd-kind-method tsd-parent-kind-class"> <a href="xframehandler.html#handle" class="tsd-kind-icon">handle</a> </li> <li class=" tsd-kind-method tsd-parent-kind-class tsd-is-static"> <a href="xframehandler.html#create" class="tsd-kind-icon">create</a> </li> </ul> </li> </ul> <ul class="after-current"> </ul> </nav> </div> </div> </div> <footer class="with-border-bottom"> <div class="container"> <h2>Legend</h2> <div class="tsd-legend-group"> <ul class="tsd-legend"> <li class="tsd-kind-constructor tsd-parent-kind-class"><span class="tsd-kind-icon">Constructor</span></li> <li class="tsd-kind-method tsd-parent-kind-class"><span class="tsd-kind-icon">Method</span></li> </ul> <ul class="tsd-legend"> <li class="tsd-kind-property tsd-parent-kind-class tsd-is-static"><span class="tsd-kind-icon">Static property</span></li> <li class="tsd-kind-method tsd-parent-kind-class tsd-is-static"><span class="tsd-kind-icon">Static method</span></li> </ul> <ul class="tsd-legend"> <li class="tsd-kind-method tsd-parent-kind-interface"><span class="tsd-kind-icon">Method</span></li> </ul> <ul class="tsd-legend"> <li class="tsd-kind-method tsd-parent-kind-class tsd-is-inherited"><span class="tsd-kind-icon">Inherited method</span></li> </ul> </div> </div> </footer> <div class="container tsd-generator"> <p>Generated using <a href="https://typedoc.org/" target="_blank">TypeDoc</a></p> </div> <div class="overlay"></div> <script src="../assets/js/main.js"></script> </body> </html>
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a
,