Restrict content from being displayed in iframes in Schoology



I’m a web developer and my website has been appearing in Schoology, based on web analytics reporting. How do I prevent my content from being displayed in Schoology without my permission?


This can occur if Schoology users embed your content into a course. For example, an instructor may add your website as an embedded link for students to view directly in Schoology. If you do not wish for your content to be displayed on other platforms, you may use X-Frame-Options to set restrictions on your content being displayed in iframes.

Use the X-Frame-Options HTTP response header to indicate if a browser should be allowed to load your page in a <frame>, <iframe>, <embed> or <object>. 

There are two available directives for X-Frame Options: 

X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN

DENY: The page cannot be displayed in a frame, even if the site attempts to do so.

SAMEORIGIN: The page can only be displayed in a frame on the same origin as the page itself. 

Additionally, you may wish to utilize the Content Security Policy (CSP) response header as an added layer of security. CSP also contains frame embed directives and you may use it alongside X-Frame-Options to enforce any kind of frames directive beyond DENY and SAMEORIGIN.




Article is closed for comments.

Powered by Zendesk