This extension is part of the Rack::Protection project. Run gem install rack-protection to have it available.

Prevented attack


Supported browsers

Internet Explorer 8, Firefox 3.6.9, Opera 10.50, Safari 4.0, Chrome and later

More infos


Sets X-Frame-Options header to tell the browser avoid embedding the page in a frame.



Defines who should be allowed to embed the page in a frame. Use :deny to forbid any embedding, :sameorigin to allow embedding from the same origin (default).