The anti-clickjacking X-Frame-Options header is not present.
👤 admin
🔴 Admin
✍️ The most important thing in the world is to not be alone.
⏳ Last active: 15 Apr 2025 at 16:01
📅 Created: 14 Feb 2021 at 23:27
👀 Viewed: 32 times
✉️ Send Email
If you have this for your site after scanning:
The anti-clickjacking X-Frame-Options header is not present.
Go to apache httpd.conf and add to the bottom of the file
Header always append X-Frame-Options SAMEORIGIN
After restart the apache server
FOR UBUNTU 20.04:
First enable mod headers and restart apache2
a2enmod headers
systemctl restart apache2
go to /etc/apache2/conf-enabled/security.conf:
pico /etc/apache2/conf-enabled/security.conf
find
#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
#Header set X-Frame-Options: "sameorigin"
Uncomment Header set X-Frame-Options: "sameorigin" to look like this:
#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
Header set X-Frame-Options: "sameorigin"
And restart apache2 again:
systemctl restart apache2