Missing X-frame options header

safe

Missing X-frame options header

We have to change  X-frame options header.

First check how it looks. Open any page of your website. I am using Firefox with firebug addon. You can use Google chrome as well. In firebug console you will get the URL (Or you can check it in “Net” tab). Expand it and goto Header section. By Default Response Header will open. Now check it out.

vul4_image1

Navigate to your root directory or public html folder. IF you don’t have any “.htaccess” file then create it or if it already exists then open it.

Now if we don’t want to load our site/page from any iframe of external or internal page then we have to use

Header set X-Frame-Options “DENY”

If we want to use iframe internally then we have to use –

Header set X-Frame-Options “SAMEORIGIN”

Now check it again –

vul4_image2

Now the parameter has set in our Response header.

Related posts:

Leave a Reply

Your email address will not be published. Required fields are marked *