The anti-clickjacking X-Frame-Options header is not present.

Post by sonik_blast

If you get this for your site after scanning:
The anti-clickjacking X-Frame-Options header is not present.
Go to Apache's httpd.conf and add this to the bottom of the file:

Code:

Header always append X-Frame-Options SAMEORIGIN

Afterwards, restart the Apache server.

FOR UBUNTU 20.04:

First enable mod_headers and restart apache2:

Code:

a2enmod headers
systemctl restart apache2

Go to /etc/apache2/conf-enabled/security.conf:

Code:

pico /etc/apache2/conf-enabled/security.conf

Find:

Code:

#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
#Header set X-Frame-Options: "sameorigin"

Uncomment Header set X-Frame-Options: "sameorigin" so that it looks like this:

Code:

#
# Setting this header will prevent other sites from embedding pages from this
# site as frames. This defends against clickjacking attacks.
# Requires mod_headers to be enabled.
#
Header set X-Frame-Options: "sameorigin"

And restart apache2 again:

Code:

systemctl restart apache2

It doesn't matter where you are, what matters is that you are there, but not alone.
The smarter I get, the dumber I look in the eyes of others.
No Fea Sonik Is Hea, YouR End Is Nea!
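
To confirm the change after the restart, the response headers can be checked directly. This is an added example, not part of the original post; `check_xfo` and the `sample_*` functions are hypothetical names, and the sample responses are constructed.

```shell
#!/bin/sh
# check_xfo: read raw HTTP response headers on stdin and classify the
# X-Frame-Options state. Prints one of:
#   missing | ok:<value> | conflict:<v1,v2,...> | unrecognized:<value>
# and returns 0 only for "ok". DENY and SAMEORIGIN are the values accepted.
NL='
'
check_xfo() {
    # Drop CRs, keep X-Frame-Options lines (name is case-insensitive),
    # split comma-joined values, trim, lowercase, collapse identical repeats.
    values=$(tr -d '\r' \
        | awk -F: 'tolower($1) == "x-frame-options" { sub(/^[^:]*:/, ""); print }' \
        | tr ',' '\n' \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | tr '[:upper:]' '[:lower:]' \
        | grep -v '^$' | sort -u)
    case "$values" in
        '')              echo "missing"; return 1 ;;
        *"$NL"*)         echo "conflict:$(printf '%s' "$values" | tr '\n' ',')"
                         return 1 ;;
        deny|sameorigin) echo "ok:$values"; return 0 ;;
        *)               echo "unrecognized:$values"; return 1 ;;
    esac
}

# Constructed sample responses (not captured from a real server).
sample_fixed() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Frame-Options: sameorigin\r\n\r\n'
}
sample_missing() {
    printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n'
}
sample_conflict() {
    # Two different values, e.g. the header configured in two places.
    printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\nx-frame-options: DENY\r\n\r\n'
}

for s in sample_fixed sample_missing sample_conflict; do
    printf '%s -> %s\n' "$s" "$($s | check_xfo)"
done

# Against the live server (the URL is an assumption):
#   curl -sI http://localhost/ | check_xfo
```

A `conflict` result means the response carries more than one distinct value, so the header is probably being set in more than one configuration file.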
