If a scan of your site reports the following:
The anti-clickjacking X-Frame-Options header is not present.
Open Apache's httpd.conf and add this line to the bottom of the file:
Header always append X-Frame-Options SAMEORIGIN
Then restart the Apache server.
FOR UBUNTU 20.04:
First enable mod_headers and restart apache2:
a2enmod headers
systemctl restart apache2
Then open /etc/apache2/conf-enabled/security.conf:
pico /etc/apache2/conf-enabled/security.conf
Find this block:
#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
#Header set X-Frame-Options: "sameorigin"
Uncomment the Header set X-Frame-Options: "sameorigin" line so that the block looks like this:
#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
Header set X-Frame-Options: "sameorigin"
And restart apache2 again:
systemctl restart apache2
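To confirm the change after the restart, check the response headers the server actually sends. The script below is an added example, not part of the original post: the function name xfo_status and the sample responses are constructed for illustration, and the URL in the comment is a placeholder.

```shell
#!/bin/sh
# Added example: classify X-Frame-Options in HTTP response headers read from
# stdin. Prints ok, missing or invalid; exit status is 0 only for ok.
# Live use (placeholder URL): curl -sI https://example.com/ | xfo_status
xfo_status() {
    status=$(tr -d '\r' | awk '
        {
            i = index($0, ":")
            if (i == 0) next                      # status line or blank line
            if (tolower(substr($0, 1, i - 1)) != "x-frame-options") next
            found = 1
            # One line may carry several comma-separated values.
            n = split(tolower(substr($0, i + 1)), parts, ",")
            for (k = 1; k <= n; k++) {
                v = parts[k]
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                seen[v] = 1
            }
        }
        END {
            if (!found) { print "missing"; exit }
            count = 0
            for (v in seen) { count++; last = v }
            # Exactly one distinct value, and it must be deny or sameorigin.
            if (count == 1 && (last == "deny" || last == "sameorigin")) print "ok"
            else print "invalid"
        }')
    printf '%s\n' "$status"
    [ "$status" = "ok" ]
}

# Constructed sample responses (not captured from a real server).
SAMPLE_OK='HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n'
SAMPLE_MISSING='HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n'
SAMPLE_DUP='HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\n\r\n'
SAMPLE_CONFLICT='HTTP/1.1 200 OK\r\nx-frame-options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n'

for s in "$SAMPLE_OK" "$SAMPLE_MISSING" "$SAMPLE_DUP" "$SAMPLE_CONFLICT"; do
    printf '%b' "$s" | xfo_status || true
done
```

The SAMPLE_DUP case is what a response looks like when the header is appended twice with the same value; the script reports it as ok and flags only differing or unrecognised values as invalid.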