问题 I've a form that I'd like to embed in a website, which is on my whitelist. Other websites, that try to embed it, should get only an error page. <iframe src="https://domain.tld/getForm.php?embed=1&formId=123456"></iframe> I was hoping that I could use $_SERVER['HTTP_REFERER'] in getForm.php to check the embeding website, but it's not working. Does anyone know a best practise or any workaround? Thanks in advance! 回答1: Most browsers will support the X-Frame-Options header. This header will