Created
January 19, 2020 17:57
X-Frame-Options - How to Combat Clickjacking on cPanel
#1. deny directive
#The deny directive completely disables loading of the page in a frame, regardless of which site attempts it. Below is what the response header will look like if this is enabled.
X-Frame-Options: deny
#2. sameorigin directive
#The sameorigin directive allows the page to be loaded in a frame only on the same origin as the page itself. Below is what the response header will look like if this is enabled.
X-Frame-Options: sameorigin
#3. allow-from uri directive
#The allow-from uri directive allows the page to be loaded in a frame only on the specified origin or domain. Below is what the response header will look like if this is enabled.
X-Frame-Options: allow-from https://www.sportszion.com/
#Enable on Nginx
#To enable the X-Frame-Options header on Nginx, add it to your server block config.
add_header X-Frame-Options "sameorigin" always;
#Enable on Apache
#To enable it on Apache, add it to your httpd.conf file (Apache config file). The Header directive requires mod_headers.
Header always set X-Frame-Options "sameorigin"
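#Added example (not part of the original gist): a Python check that classifies the framing policy a response actually enforces, given its headers. It covers more than the three directives above: current browsers ignore allow-from, and the supported way to name an allowed origin is the Content-Security-Policy frame-ancestors directive, so both headers are evaluated. The function names, verdict strings and sample headers are assumptions made for this example.

```python
# Added example, not part of the original gist. Sample headers are constructed.
def frame_ancestors_lists(headers):
    """Collect the source list of every enforced CSP frame-ancestors directive."""
    lists = []
    for name, value in headers:
        if name.lower() != "content-security-policy":
            continue  # the Report-Only variant is not enforced
        for policy in value.split(","):  # one header may carry several policies
            for directive in policy.split(";"):
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    lists.append([p.lower() for p in parts[1:]])
                    break  # only the first occurrence in a policy counts
    return lists

def audit_framing(headers):
    """headers: (name, value) pairs of one response. Returns (verdict, reason)."""
    ancestors = frame_ancestors_lists(headers)
    if ancestors:
        # With frame-ancestors enforced, browsers skip the X-Frame-Options check.
        if all("*" in sources for sources in ancestors):
            return ("unprotected", "frame-ancestors allows any origin")
        return ("protected", "CSP frame-ancestors")
    values = {
        token.strip().lower()
        for name, value in headers if name.lower() == "x-frame-options"
        for token in value.split(",")  # repeated headers may arrive comma-joined
    }
    values.discard("")
    if not values:
        return ("unprotected", "no framing policy sent")
    if len(values) > 1:
        return ("misconfigured", "more than one X-Frame-Options value")
    value = values.pop()
    if value in ("deny", "sameorigin"):
        return ("protected", "X-Frame-Options " + value)
    if value.startswith("allow-from"):
        return ("unprotected", "allow-from is ignored by current browsers")
    return ("unprotected", "unrecognised X-Frame-Options value")

SAMPLES = {  # constructed responses
    "sameorigin": [("X-Frame-Options", "sameorigin")],
    "allow-from": [("X-Frame-Options", "allow-from https://www.sportszion.com/")],
    "csp": [("Content-Security-Policy", "frame-ancestors https://www.sportszion.com")],
    "set twice": [("X-Frame-Options", "deny"), ("x-frame-options", "SAMEORIGIN")],
}
SAMPLES["allow-from + csp"] = SAMPLES["allow-from"] + SAMPLES["csp"]
for label, sample in SAMPLES.items():
    print(f"{label}: {audit_framing(sample)}")
```

#The "set twice" case is what a response looks like when both the application and the web server add the header with different values.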