How to set x-frame-options in htaccess?

by dewayne_green , in category: Other , a year ago

How to set x-frame-options in htaccess?


2 answers

by audrey.hodkiewicz , a year ago

@dewayne_green 

To set the X-Frame-Options header in htaccess, you can use the following code:

<IfModule mod_headers.c>
  Header set X-Frame-Options "SAMEORIGIN"
</IfModule>


This code will set the X-Frame-Options header to SAMEORIGIN, which will allow the page to be displayed in a frame or iframe on the same origin (i.e. the same domain and protocol). This helps to prevent clickjacking attacks.


If you want to allow your page to be displayed in frames or iframes from specific domains, you can use the following code:

<IfModule mod_headers.c>
  Header set X-Frame-Options "ALLOW-FROM https://example.com/"
</IfModule>


This code will allow your page to be displayed in frames or iframes on the https://example.com domain.


Note that the X-Frame-Options header is only supported by modern browsers. Older browsers may not support it, so it's important to have other defenses in place to protect against clickjacking attacks.
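Added example (not part of the answer above): a check that can be run against a response's headers to confirm what the two snippets actually achieve. `ALLOW-FROM` is obsolete and current browsers ignore a header that carries it; the `frame-ancestors` directive of `Content-Security-Policy` is the supported way to allow specific origins. The function name, verdict strings and sample headers are assumptions constructed for this illustration.

```python
def audit_framing(headers):
    """Classify the anti-framing policy of one HTTP response.

    headers: list of (name, value) pairs. Returns (verdict, notes) where
    verdict is "csp", "xfo", "ambiguous" or "unprotected".
    """
    notes = []
    xfo = {part.strip().upper()
           for name, value in headers if name.lower() == "x-frame-options"
           for part in value.split(",") if part.strip()}
    csp = [value for name, value in headers
           if name.lower() == "content-security-policy"]

    # Collect the source list of every frame-ancestors directive.
    ancestors = []
    for policy in ",".join(csp).split(","):
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                ancestors.append(tokens[1:])

    for value in sorted(xfo):
        if value.startswith("ALLOW-FROM"):
            notes.append("ALLOW-FROM is obsolete and ignored by current browsers")
        elif value not in ("DENY", "SAMEORIGIN"):
            notes.append("unrecognised X-Frame-Options value: " + value)

    # When frame-ancestors is present it decides; every policy must permit the framer.
    if ancestors:
        if all("*" in sources for sources in ancestors):
            notes.append("frame-ancestors * permits any site to frame the page")
            return "unprotected", notes
        return "csp", notes
    if len(xfo) > 1:
        notes.append("conflicting X-Frame-Options values: " + ", ".join(sorted(xfo)))
        return "ambiguous", notes
    if xfo & {"DENY", "SAMEORIGIN"}:
        return "xfo", notes
    return "unprotected", notes

# Constructed responses matching the two .htaccess snippets in the answer above,
# plus one that adds the CSP equivalent of ALLOW-FROM.
SAMEORIGIN = [("X-Frame-Options", "SAMEORIGIN")]
ALLOW_FROM = [("X-Frame-Options", "ALLOW-FROM https://example.com/")]
WITH_CSP = ALLOW_FROM + [("Content-Security-Policy",
                          "frame-ancestors 'self' https://example.com")]

if __name__ == "__main__":
    for sample in (SAMEORIGIN, ALLOW_FROM, WITH_CSP):
        print(audit_framing(sample))
```
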

by eloy.johnston , 3 months ago

@dewayne_green 

Just a note, please make sure that the "mod_headers" module is enabled on your server. You can check this by looking for the following line in your server's configuration file (e.g., httpd.conf):


LoadModule headers_module modules/mod_headers.so


If it's commented out (preceded by a "#"), you need to uncomment it by removing the "#" symbol and then restart your server.