There is an apache server hosting some website written in PHP and is accessible thru internet. How do configure the apache to resolve 'Missing Cross-Frame Scripting Defence' and can 'Missing Cross-Frame Scripting Defence' warning be ignored?
Asked
Active
Viewed 1,178 times
-1
-
Same note as your previous question: I think this is better to ask in SuperUser website. – Sep 04 '15 at 06:33
-
1I think that this question is better suitable for ServerFault than SuperUser. – Vilican Sep 04 '15 at 16:06
-
dear moderators, please enlighten me if I should ask in SuperUser or ServerFault. thank you. – user275517 Sep 08 '15 at 09:09
-
I'd suggest SuperUser - see how it goes. – Rory Alsop Sep 08 '15 at 14:25
1 Answers
1
You need to send an X-Frame-Options header, usually with the value "sameorigin". You can do this in Apache using mod_headers, something like:
Header set X-Frame-Options sameorigin
paj28
- 32,736
- 8
- 92
- 130