Missing Anti-clickjacking Header
Microsoft IIS webserver
- Start the application named: IIS Manager.
- Select your website.
- On the right part of the screen, access the option named: HTTP Response Headers.
- On the top right part of the screen, click on the Add option.
- To enable the anti-clickjacking feature, enter the following configuration:
  • NAME: X-Frame-Options
  • VALUE: SAMEORIGIN
Nginx webserver
In your nginx.conf file add:
add_header X-Frame-Options "SAMEORIGIN";
Apache webserver
Make sure that the headers module is loaded: sudo a2enmod headers
Add the following code to the apache2.conf file:
<IfModule mod_headers.c>
Header always set X-Frame-Options "SAMEORIGIN"
</IfModule>
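
To confirm that the server really sends the header after any of the changes above, the response headers can be checked from a shell. The script below is an added example, not part of the original page; the function name check_xfo, the sample response and the host your-site.example are assumptions made for illustration.

```shell
#!/bin/sh
# check_xfo: classify the X-Frame-Options state of an HTTP response whose raw
# headers arrive on stdin. Prints one word; returns 0 only for "ok".
#   ok        every value sent is the same, and it is DENY or SAMEORIGIN
#   missing   the header is absent
#   invalid   a value other than DENY/SAMEORIGIN (typo, obsolete ALLOW-FROM)
#   conflict  different values sent (e.g. set by both the app and the server)
check_xfo() {
    values=$(tr -d '\r' | awk '
        /^$/ { body = 1 }              # blank line ends the header block
        body { next }
        {
            i = index($0, ":")
            if (i == 0) next           # status line, not a header
            if (tolower(substr($0, 1, i - 1)) != "x-frame-options") next
            # a header may carry several comma-separated values
            n = split(toupper(substr($0, i + 1)), parts, ",")
            for (k = 1; k <= n; k++) {
                gsub(/^[ \t]+|[ \t]+$/, "", parts[k])
                print parts[k]
            }
        }' | sort -u)
    if [ -z "$values" ]; then echo missing; return 1; fi
    if [ "$(printf '%s\n' "$values" | grep -c .)" -gt 1 ]; then
        echo conflict; return 1
    fi
    case "$values" in
        DENY|SAMEORIGIN) echo ok ;;
        *) echo invalid; return 1 ;;
    esac
}

# Constructed sample response (not captured from a real server).
sample_ok='HTTP/1.1 200 OK\r\nServer: nginx\r\nx-frame-options: SameOrigin\r\n\r\n'
printf '%b' "$sample_ok" | check_xfo || true

# Against a site you administer: curl -sI https://your-site.example/ | check_xfo
```

A result of "missing" after the change usually means the configuration was not reloaded or was added to a block that does not serve the tested URL; "conflict" usually means both the application and the web server set the header.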