Forums

X-Frame Options

Permalink
Hey guys, I have a question probably answered before. I'm wanting to put this code into my I assume login page to prevent the click jacking attempts that i've read about. What file(s) do I put the following script in to prevent clipjacking ?

HTTP_RESPONSE {
HTTP::header insert "X-FRAME-OPTIONS" “(DENY || SAMEORIGIN)”
}

I assume it's in the login .php but i'm not sure. Anyone know?

Thanks.
mcmspi
 
adajad replied on at Permalink Reply
adajad
You could add the following to your httpd.conf (or any other included conf file).

Header always append X-Frame-Options SAMEORIGIN


That will add it to the header in all pages rendered through you Apache server (according to http://www.webmasterworld.com/webmaster/4022867.htm... ).

I haven't tested it myself though...