ᨈᨙᨇᨙ URL ᨑᨗ ᨔᨕᨗᨉᨅ ᨄᨚᨒᨙ ᨆᨇᨘᨒᨕᨗ
ᨈᨙᨀᨊ S ᨄᨚᨒᨙ ᨁᨊᨗ ᨔᨕᨗᨉᨅ · ? ᨄᨚᨒᨙ ᨅᨊᨘᨈᨔᨗᨈᨘᨔ ᨙᨊᨙ ᨅᨗᨔ ᨆᨅᨒᨚᨀᨗ ᨄᨊᨙᨇᨒᨊ iframe. ᨒᨙᨇᨑᨊ ᨅᨗᨔ ᨆᨌᨘᨒ ᨀᨚᨔᨚ.
ᨈᨙᨇᨙ URL ᨑᨗ ᨔᨕᨗᨉᨅ ᨄᨚᨒᨙ ᨆᨇᨘᨒᨕᨗ
ᨈᨙᨀᨊ S ᨄᨚᨒᨙ ᨁᨊᨗ ᨔᨕᨗᨉᨅ · ? ᨄᨚᨒᨙ ᨅᨊᨘᨈᨆᨙᨁ ᨔᨗᨈᨘᨔ ᨆᨅᨒᨚᨀᨗ ᨄᨊᨙᨇᨒᨊ iframe ᨆᨙᨒᨕᨒᨘᨗ HTTP header. ᨕᨙᨊᨙ ᨄᨗᨈᨘᨑ ᨀᨕᨆᨊ ᨄᨚᨒᨙ ᨆᨄᨒᨗᨊᨉᨘᨁᨗ clickjacking.
ᨔᨗᨈᨘᨔ ᨆᨀᨗᨑᨗ header ᨑᨗ ᨅᨑᨕᨘᨔᨑᨆᨘ: "ᨕᨍ ᨆᨈᨙᨇᨙ ᨕᨒᨙ." ᨅᨑᨕᨘᨔᨑᨊ ᨆᨄᨈᨘᨑᨘ → iframe ᨀᨚᨔᨚ.
| Header | ᨄᨊᨁᨑᨘ |
|---|---|
X-Frame-Options: DENY | ᨅᨒᨚᨀᨗ ᨔᨗᨊᨗᨊ |
X-Frame-Options: SAMEORIGIN | ᨉᨚᨆᨙᨗᨊ ᨄᨉ ᨆᨊᨙ |
CSP: frame-ancestors 'none' | ᨅᨒᨚᨀᨗ ᨆᨚᨉᨙᨑᨊ |
| ᨔᨗᨈᨘᨔ | ᨔᨈᨈᨘᨔ |
|---|---|
| Google, Gmail, GitHub | ᨑᨗᨅᨒᨚᨀᨗ |
| Facebook, X / Twitter | ᨑᨗᨅᨒᨚᨀᨗ |
| Wikipedia | ᨔᨅᨁᨗᨊ |
| ᨔᨗᨈᨘᨔ ᨄᨘᨑᨆᨘ | ᨆᨍᨍᨗ ✓ |
| ᨄᨑᨀᨀᨔ ᨑᨗᨒᨒᨙ / dashboard | ᨆᨍᨍᨗ ✓ |
| ᨔᨗᨈᨘᨔ ᨔᨈᨈᨗᨔ / ᨉᨚᨀᨘᨆᨙᨊ | ᨆᨍᨍᨗ ✓ |
ᨕᨈᨘᨑ frame-ancestors ᨄᨚᨒᨙ ᨆᨄᨔᨗᨈᨗᨊᨗ ᨀᨊ walkurls.com ᨆᨊᨙ.
Header set Content-Security-Policy "frame-ancestors 'self' https://walkurls.com" Header unset X-Frame-Options
add_header Content-Security-Policy "frame-ancestors 'self' https://walkurls.com";
app.use((req, res, next) => { res.setHeader('Content-Security-Policy', "frame-ancestors 'self' https://walkurls.com"); res.removeHeader('X-Frame-Options'); next(); });
header("Content-Security-Policy: frame-ancestors 'self' https://walkurls.com"); header_remove("X-Frame-Options");
{
"headers": [{
"source": "/(.*)",
"headers": [{
"key": "Content-Security-Policy",
"value": "frame-ancestors 'self' https://walkurls.com"
}]
}]
}/*
Content-Security-Policy: frame-ancestors 'self' https://walkurls.comᨅᨘᨀᨗ DevTools F12 → Console. ᨊᨑᨙᨀᨚ ᨑᨗᨅᨒᨚᨀᨗ:
Refused to display 'https://...' in a frame because it set 'X-Frame-Options' to 'deny'.
ᨄᨑᨗᨀᨔ header ᨆᨙᨒᨕᨒᨘᨗ ᨈᨙᨑᨆᨗᨊᨒ:
curl -I https://your-site.com | grep -i "frame\|content-security"
ᨔᨒᨒᨘ ᨈᨙᨊᨈᨘ: https://walkurls.com
| ← → | ᨑᨗᨚᨒᨚ / ᨑᨗᨆᨘᨊᨑᨗ |
| Space | ᨁᨊᨗ ᨚᨈᨚ-ᨄᨘᨈᨑ |
| Home End | ᨄᨗᨈᨆ / ᨄᨌᨄᨄᨙ |
| S | ᨁᨊᨗ ᨔᨕᨗᨉᨅ |
| F | ᨒᨕᨑ ᨄᨙᨊᨘ |
| ? | ᨄᨊᨙᨒ ᨅᨊᨘᨈ ᨙᨊᨙ |
ᨕᨗᨊᨔᨄᨗᨑᨔᨗ ᨉᨙᨔᨕᨗᨊ ᨔᨗᨕᨔᨔᨙ ᨕᨙᨔᨔᨚ
ᨔᨙᨒᨗᨉᨗᨀᨗ ᨉᨙᨔᨕᨗᨊ ᨆᨈᨑᨍ, ᨉᨙᨔᨕᨗᨊᨙᨑ ᨆᨅᨗᨔᨗᨚᨊᨙᨑ, ᨕᨑᨔᨗᨈᨙᨀᨈᨘᨑ ᨆᨒᨘᨓᨗᨔ, ᨄᨑᨚᨉᨘ ᨕᨗᨊᨚᨅᨈᨗ, ᨄᨑᨚᨐᨙ ᨆᨄᨚᨒᨚᨄᨚᨑᨗ, ᨆᨙᨑᨙ ᨈᨙᨑᨈᨈ ᨊ ᨕᨗᨉᨙ ᨀᨑᨙᨕᨈᨗ, ᨊᨈᨆᨄᨗᨒᨙ ᨔᨗᨕᨔᨔᨙ ᨕᨙᨔᨔᨚ ᨄᨚᨒᨙ ᨔᨗᨊᨗᨊ ᨒᨗᨊᨚᨕᨙ.
ᨔᨙᨒᨗᨉᨗᨀᨗ ᨀᨑᨐ ᨉᨙᨔᨕᨗᨊ ᨆᨄᨚᨒᨚᨄᨚᨑᨗ ᨊᨄᨗᨒᨙ ᨔᨌᨑ ᨆᨙᨑᨗᨈᨚᨀᨑᨈᨗ ᨑᨗ A' Design Award & Competition ᨆᨈᨑᨍ. ᨈᨙᨆᨘᨀᨊᨗ ᨕᨁ ᨆᨄᨍᨍᨗ ᨉᨙᨔᨕᨗᨊ ᨕᨙᨔᨔᨚᨕᨙ ᨆᨗᨔᨈᨗᨆᨙᨓ.
ᨕᨗᨈ ᨉᨙᨔᨕᨗᨊ ᨑᨗ ᨕᨙᨔᨔᨚᨕᨙ
ᨈᨙᨆᨘᨀᨊᨗ ᨈᨗᨆ ᨀᨑᨙᨕᨈᨗ ᨀᨙᨒᨔ ᨉᨘᨊᨗ ᨊᨀᨑᨐ ᨀᨚᨒᨅᨚᨑᨈᨗ ᨆᨅᨗᨔᨗᨚᨊᨙᨑᨊ ᨊᨑᨙᨀᨙᨊ ᨄᨙᨂᨀᨘᨕᨊ ᨄᨚᨒᨙ A' Design Award & Competition ᨆᨈᨑᨍ ᨑᨗ ᨉᨘᨊᨗ ᨕᨗᨊᨈᨙᨑᨊᨔᨗᨚᨊᨒ. ᨕᨗᨈ ᨄᨉᨙᨁ ᨆᨒᨆᨄᨕᨘᨗ ᨅᨈᨔ ᨔᨗᨒᨕᨘᨂ.
ᨔᨗᨔᨙᨂ ᨈᨗᨆ ᨉᨙᨔᨕᨗᨊ ᨑᨗ ᨕᨙᨔᨔᨚᨕᨙ
ᨆᨗᨔᨔᨙᨂ ᨉᨙᨔᨕᨗᨊᨙᨑ ᨆᨌᨌ ᨈᨙᨆᨈᨘ ᨊᨀᨑᨐ ᨆᨈᨑᨍᨊ ᨊᨊᨗᨒᨕᨗ ᨊ ᨊᨅᨙᨉ-ᨅᨙᨉᨂ ᨔᨌᨑ ᨆᨊᨉᨗᨑᨗ ᨑᨗ A' Design Award & Competition ᨕᨗᨊᨈᨙᨑᨊᨔᨗᨚᨊᨒ. ᨔᨙᨒᨗᨉᨗᨀᨗ ᨄᨑᨍᨒᨊᨊ ᨀᨑᨙᨕᨈᨗᨊ.
ᨈᨙᨆᨘᨀᨊᨗ ᨉᨙᨔᨕᨗᨊᨙᨑ ᨑᨗ ᨕᨙᨔᨔᨚᨕᨙ
ᨈᨙᨆᨘᨀᨊᨗ ᨉᨙᨔᨕᨗᨊᨙᨑ ᨆᨄᨙᨂᨑᨘ ᨈᨙᨆᨈᨘ ᨊᨀᨑᨐ ᨒᨘᨓᨑ ᨅᨗᨕᨔᨊ ᨊᨄᨖᨚᨑᨆᨈᨗ ᨑᨗ ᨄᨑᨚᨔᨙᨔ ᨄᨙᨆᨗᨒᨗᨖᨊ ᨍᨘᨑᨗ ᨆᨀᨙᨔᨔᨗᨂ ᨑᨗ A' Design Award & Competition ᨆᨈᨑᨍ. ᨆᨗᨔᨔᨙᨂ ᨕᨁ ᨆᨄᨍᨍᨗ ᨒᨙᨁᨙᨊᨉ ᨉᨙᨔᨕᨗᨊ ᨈᨚᨈᨚᨊ.
ᨔᨙᨒᨗᨉᨗᨀᨗ ᨒᨙᨁᨙᨊᨉ ᨉᨙᨔᨕᨗᨊ ᨑᨗ ᨕᨙᨔᨔᨚᨕᨙ
ᨔᨙᨒᨆᨗ ᨑᨗ ᨓᨓᨊᨌᨑ ᨆᨉᨒᨆ ᨔᨗᨄᨘᨒᨘᨂ ᨉᨙᨔᨕᨗᨊᨙᨑ ᨆᨈᨑᨍ ᨊᨀᨑᨐ ᨆᨄᨚᨒᨚᨄᨚᨑᨗᨊ ᨊᨄᨗᨒᨙ ᨑᨗ ᨀᨚᨆᨄᨙᨈᨗᨔᨗ ᨈᨙᨑᨅᨘᨀ ᨑᨗ A' Design Award & Competition ᨊᨖᨚᨑᨆᨈᨗ ᨑᨗ ᨉᨘᨊᨗ. ᨈᨙᨆᨘᨀᨊᨗ ᨄᨑᨚᨔᨙᨔ ᨀᨑᨙᨕᨈᨗᨊ.
ᨅᨌ ᨓᨓᨊᨌᨑ ᨉᨙᨔᨕᨗᨊ ᨑᨗ ᨕᨙᨔᨔᨚᨕᨙ
ᨈᨙᨆᨘᨀᨊᨗ ᨉᨙᨔᨕᨗᨊᨙᨑ, ᨕᨑᨔᨗᨈᨙ, ᨆᨙᨑᨙ ᨊ ᨄᨙᨆᨅᨘᨕᨈ ᨄᨑᨚᨉᨘ ᨆᨄᨙᨂᨑᨘ ᨔᨗᨊᨗᨊᨗ, ᨊᨄᨗᨒᨙ ᨑᨗ A' Design Award & Competition ᨆᨈᨑᨍ. ᨍᨍᨆᨊᨗ ᨀᨑᨐ ᨀᨑᨙᨕᨈᨗ ᨄᨒᨗᨂ ᨆᨈᨑᨍ ᨕᨙᨔᨔᨚᨕᨙ.
ᨕᨗᨈ ᨔᨚᨑᨚᨈᨊ ᨑᨗ ᨕᨙᨔᨔᨚᨕᨙ
ᨈᨙᨆᨘᨀᨊᨗ ᨀᨚᨊᨔᨙ ᨉᨙᨔᨕᨗᨊ ᨕᨗᨊᨚᨅᨈᨗ ᨆᨌᨙᨆᨙᨑᨒᨂ ᨊᨄᨗᨒᨙ ᨕᨈᨔ ᨉᨔᨑ ᨀᨙᨕᨘᨂᨁᨘᨒᨊ ᨉᨙᨔᨕᨗᨊ ᨈᨙᨑᨅᨕᨗ ᨑᨗ A' Design Award & Competition ᨕᨗᨊᨈᨙᨑᨊᨔᨗᨚᨊᨒ. ᨕᨗᨈ ᨕᨗᨉᨙ-ᨕᨗᨉᨙ ᨆᨅᨙᨊᨈᨘ ᨆᨔ ᨉᨙᨄᨊ ᨉᨙᨔᨕᨗᨊ.
ᨈᨙᨆᨘᨀᨊᨗ ᨕᨗᨉᨙ ᨉᨙᨔᨕᨗᨊ ᨑᨗ ᨕᨙᨔᨔᨚᨕᨙ
ᨈᨙᨆᨘᨀᨊᨗ ᨆᨙᨑᨙ ᨆᨒᨘᨓᨗᨔ ᨊᨀᨙᨕᨘᨂᨁᨘᨒᨊ ᨉᨙᨔᨕᨗᨊᨊ ᨊᨑᨙᨀᨙᨊ ᨄᨙᨂᨀᨘᨕᨊ ᨑᨗ ᨉᨘᨊᨗ ᨕᨗᨊᨈᨙᨑᨊᨔᨗᨚᨊᨒ ᨑᨗ A' Design Award & Competition ᨆᨈᨑᨍ. ᨔᨙᨒᨗᨉᨗᨀᨗ ᨕᨁ ᨆᨄᨍᨍᨗ ᨆᨙᨑᨙ ᨊᨈᨆᨄᨗᨒᨙ ᨕᨙᨔᨔᨚᨕᨙ ᨆᨅᨙᨉ.
ᨈᨙᨆᨘᨀᨊᨗ ᨆᨙᨑᨙ ᨉᨙᨔᨕᨗᨊ ᨑᨗ ᨕᨙᨔᨔᨚᨕᨙ
ᨔᨙᨒᨗᨉᨗᨀᨗ ᨈᨑᨙᨊ ᨉᨙᨔᨕᨗᨊ ᨄᨙᨊᨙᨊᨈᨘ ᨊᨈᨙᨆᨘᨀᨊᨗ ᨑᨗ ᨕᨙᨅᨒᨘᨕᨔᨗ ᨔᨙᨍᨓᨈ ᨀᨚᨆᨄᨙᨈᨗᨈᨗ ᨑᨗ A' Design Award & Competition ᨕᨗᨊᨈᨙᨑᨊᨔᨗᨚᨊᨒ. ᨈᨙᨆᨘᨀᨊᨗ ᨁᨙᨑᨀᨊ ᨆᨅᨙᨊᨈᨘ ᨉᨙᨔᨕᨗᨊ ᨕᨙᨔᨔᨚᨕᨙ.
ᨕᨗᨀᨘᨈᨗ ᨈᨑᨙᨊ ᨉᨙᨔᨕᨗᨊ ᨑᨗ ᨕᨙᨔᨔᨚᨕᨙᨆᨔᨔᨙᨉᨗ ᨑᨗ A' Design Award & Competition ᨆᨈᨑᨍ ᨕᨘᨊᨈᨘ ᨑᨙᨀᨙᨊ ᨀᨙᨔᨙᨆᨄᨈᨊ ᨄᨑᨚᨉᨘ ᨊ ᨄᨑᨚᨐᨙᨈ ᨊᨈᨄᨑᨚᨆᨚᨔᨗᨀᨊ ᨑᨗ ᨔᨗᨊᨗᨊ ᨒᨗᨊᨚᨕᨙ. ᨈᨙᨆᨘᨀᨊᨗ ᨉᨙᨔᨕᨗᨊ ᨆᨉᨙᨌᨙᨂ, ᨕᨑᨔᨗᨈᨙᨀᨈᨘᨑ, ᨕᨗᨊᨚᨅᨔᨗ ᨊ ᨄᨑᨚᨉᨘ ᨑᨗ Designer.org.
