Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
semiquaver
on Aug 11, 2022
|
parent
|
context
|
favorite
| on:
Let websites framebust out of native apps
This is not a custom header (i.e. one with no UA semantics), it is a standardized header called X-Frame-Options which requires the “X-“ for browsers to recognize it. The prefix is an artifact of the era the header was introduced in.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-...
thayne
on Aug 11, 2022
[–]
It's also been deprecated in favor of the content-security-policy header.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-...