Block iframe calls to website to prevent Clickjacking attacks

From Notes_Wiki
Revision as of 09:17, 25 January 2019 by Saurabh (talk | contribs)

<yambe:breadcrumb self="Block iframe calls to website to prevent Clickjacking attacks">Security tips|Security tips</yambe:breadcrumb>

Block iframe calls to website to prevent Clickjacking attacks

To block iframe calls to website hosted using apache using HTTP headers use:

Header always append X-Frame-Options DENY

configuration. However, if local iframes from site to itself are desired then DENY can be replaced with SAMEORIGIN.

Assuming iframes are not blocked in your browser one can use http://www.w3schools.com/tags/tryit.asp?filename=tryhtml_iframe to check whether the above setting is successful or not. Simply replace iframe src from w3schools to your own website to test.

Learn more about this at https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

<yambe:breadcrumb self="Block iframe calls to website to prevent Clickjacking attacks">Security tips|Security tips</yambe:breadcrumb>