X-Frame Options

Permalink
Hey guys, I have a question probably answered before. I'm wanting to put this code into my I assume login page to prevent the click jacking attempts that i've read about. What file(s) do I put the following script in to prevent clipjacking ?

HTTP_RESPONSE {
HTTP::header insert "X-FRAME-OPTIONS" “(DENY || SAMEORIGIN)”
}

I assume it's in the login .php but i'm not sure. Anyone know?

Thanks.

mcmspi
View Replies:
adajad replied on at Permalink Reply
adajad
You could add the following to your httpd.conf (or any other included conf file).

Header always append X-Frame-Options SAMEORIGIN


That will add it to the header in all pages rendered through you Apache server (according to http://www.webmasterworld.com/webmaster/4022867.htm... ).

I haven't tested it myself though...