Editing (v7+)

X-Frame Options

Permalink November 13, 2011 at 10:46 PM

Hey guys, I have a question probably answered before. I'm wanting to put this code into my I assume login page to prevent the click jacking attempts that i've read about. What file(s) do I put the following script in to prevent clipjacking ?

HTTP_RESPONSE {
HTTP::header insert "X-FRAME-OPTIONS" “(DENY || SAMEORIGIN)”
}

I assume it's in the login .php but i'm not sure. Anyone know?

Thanks.

adajad replied on Nov 14, 2011 at 3:32 am Permalink Reply

You could add the following to your httpd.conf (or any other included conf file).

Header always append X-Frame-Options SAMEORIGIN

That will add it to the header in all pages rendered through you Apache server (according to http://www.webmasterworld.com/webmaster/4022867.htm... ).

I haven't tested it myself though...

Forums

Editing (v7+)

X-Frame Options

Code

Post Reply

Delete Post

Mark Post as Spam

Destroy Spammer

Sign In?