Set X-Frame-Options on Apache webservers
Question:
How to set X-Frame-Options on Apache webservers? Answer:
<IfModule mod_headers.c>
Header set X-Frame-Options "SAMEORIGIN"
</IfModule>
Description:
The X-Frame-Options
HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed>, or <object>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.
The added security is provided only if the user accessing the document is using a browser that supports X-Frame-Options.
Possible values:
Deny
: The page cannot be displayed in a frame, regardless of the site attempting to do so.SAMEORIGIN
: The page can only be displayed in a frame on the same origin as the page itself.
Reference:
X-Frame-Options reference
Share "How to set X-Frame-Options on Apache webservers?"
Related snippets:
Tags:
X-Frame-Options, htaccess, sameorigin, Technical term:
Set X-Frame-Options on Apache webservers