The documentation of the rule should be in docs/frameoptions.missing.md
The suggested content is:
Clickjacking attacks happen when your site is loaded within an iframe on another page and the attacker takes control of the user's input by layering their own content over it.
The `X-Frame-Options` HTTP header configures whether your site may be loaded in an iframe or not.
The recommended value:
`SAMEORIGIN` instructs that you may frame your own site while `DENY` says that it may not be framed at all.
You may allow specific sites to frame you by using `ALLOW-FROM`.
# How do I fix this?
Although you may set HTTP headers in your application code, it is often simpler to configure the web server to set them properly.
An edit was suggested from the library page - https://passmarked.com/library/security/http/frameoptions.missing.
```
X-Frame-Options: SAMEORIGIN
// or
X-Frame-Options: DENY
// or
X-Frame-Options: ALLOW-FROM http://passmarked.com
```

```
# nginx
add_header X-Frame-Options SAMEORIGIN;

# apache
Header set X-Frame-Options: SAMEORIGIN
```
User agent of user:
Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
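
To verify the header after changing the server configuration, the following added example (not Passmarked's rule code and not part of the suggested documentation) classifies the `X-Frame-Options` state of a raw response head, including the cases a simple presence check misses: duplicate headers that disagree, misspelled values, and `ALLOW-FROM`. The function names, status strings and sample responses are assumptions constructed for illustration.

```javascript
// Added example: hypothetical helper names, not Passmarked's implementation.
function parseHeaders(rawHead) {
  const headers = new Map(); // lower-cased header name -> array of values
  for (const line of rawHead.split(/\r?\n/).slice(1)) { // skip the status line
    const idx = line.indexOf(':');
    if (idx <= 0) continue;
    const name = line.slice(0, idx).trim().toLowerCase();
    if (!headers.has(name)) headers.set(name, []);
    headers.get(name).push(line.slice(idx + 1).trim());
  }
  return headers;
}

function checkFrameOptions(rawHead) {
  // A proxy and the application may each add the header, so collect every
  // value (separate lines or comma-joined) and report any disagreement.
  const values = (parseHeaders(rawHead).get('x-frame-options') || [])
    .flatMap((v) => v.split(','))
    .map((v) => v.trim().toUpperCase())
    .filter(Boolean);
  if (values.length === 0) return { status: 'missing', values };
  const distinct = [...new Set(values)];
  if (distinct.length > 1) return { status: 'conflicting', values: distinct };
  const v = distinct[0];
  if (v === 'DENY' || v === 'SAMEORIGIN') return { status: 'ok', values: distinct };
  // ALLOW-FROM is obsolete and ignored by current browsers, so it is
  // reported separately for review instead of being counted as protection.
  if (v.startsWith('ALLOW-FROM ')) return { status: 'allow-from', values: distinct };
  return { status: 'invalid', values: distinct };
}

// Constructed sample response heads (not captured from a real site).
const SAMPLES = {
  good: 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\nX-Frame-Options: SAMEORIGIN\r\n',
  none: 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n',
  dup: 'HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nx-frame-options: sameorigin\r\n',
  typo: 'HTTP/1.1 200 OK\r\nX-Frame-Options: SAME-ORIGIN\r\n',
  allow: 'HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM http://passmarked.com\r\n',
};

for (const [name, head] of Object.entries(SAMPLES)) {
  console.log(name, JSON.stringify(checkFrameOptions(head)));
}
```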