Rule from http under security category
Clickjacking attacks happen when your site is loaded within an IFrame on another page and the attacker takes control of your input by layering their own content over it.
The X-Frame-Options HTTP header configures whether your site may be loaded in an IFrame or not.
To secure your website
X-Frame-Options should be configured as one of the following scopes:
SAMEORIGIN - instructs browsers that only URLs on the same domain may frame the page.
DENY - denies all requests to frame your page.
ALLOW-FROM http://example.com - instructs browsers that only example.com may frame your page.
First decide on what scope makes sense for your page / website.
After which continue to update the responses to include the
Although you may set HTTP headers in your application code, it is often simpler to configure the web server to set the header for you.

    # nginx
    add_header X-Frame-Options SAMEORIGIN;

    # apache
    <IfModule mod_headers.c>
      Header set X-Frame-Options SAMEORIGIN
    </IfModule>
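To confirm what a response actually sends after the change, the header can be checked against the three scopes listed above. The following is an added example, not Passmarked's own rule code: the function name, the status labels and the policy of flagging repeated or comma-joined values are assumptions made for illustration, and the sample headers are constructed.

```python
from urllib.parse import urlsplit


def audit_x_frame_options(headers):
    """Classify X-Frame-Options in a list of (name, value) response headers.

    Returns (status, detail). status is one of: missing, duplicate,
    invalid, deny, sameorigin, allow-from (labels chosen for this example).
    """
    # Header names are case-insensitive, so compare them lower-cased.
    values = [v.strip() for n, v in headers
              if n.strip().lower() == "x-frame-options"]
    if not values:
        return ("missing", "no X-Frame-Options header in the response")
    # Set twice (for example by the application and by the web server) or
    # sent as a comma list: ambiguous, so this checker flags it.
    if len(values) > 1 or "," in values[0]:
        return ("duplicate", "more than one value: " + ", ".join(values))
    value = values[0]
    if value.upper() in ("DENY", "SAMEORIGIN"):
        return (value.lower(), value)
    tokens = value.split(None, 1)
    if tokens and tokens[0].upper() == "ALLOW-FROM":
        origin = tokens[1].strip() if len(tokens) == 2 else ""
        parts = urlsplit(origin)
        # Reported as its own status: current browsers no longer honour
        # ALLOW-FROM, so a page relying on it needs a manual review.
        if parts.scheme in ("http", "https") and parts.netloc:
            return ("allow-from", origin)
        return ("invalid", "ALLOW-FROM needs an http(s) origin, got %r" % origin)
    # Anything else, including a stray ';' copied from a config file.
    return ("invalid", "unrecognised value %r" % value)


# Constructed sample responses, one per outcome.
SAMPLES = {
    "no header": [("Content-Type", "text/html")],
    "lower case": [("x-frame-options", "sameorigin")],
    "set twice": [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
    "stray semicolon": [("X-Frame-Options", "SAMEORIGIN;")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM http://example.com")],
}

if __name__ == "__main__":
    for label, sample in SAMPLES.items():
        print(label, "->", audit_x_frame_options(sample))
```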