<yambe:breadcrumb>Apache_web_server_configuration|Apache web server configuration</yambe:breadcrumb> <yambe:breadcrumb>Security tips</yambe:breadcrumb>

Block iframe calls to website to prevent Clickjacking attacks

To block iframe calls to website hosted using apache using HTTP headers use:

Header always append X-Frame-Options DENY

configuration. However, if local iframes from site to itself are desired then DENY can be replaced with SAMEORIGIN.