How to protect the Clickjacking site

1
Hello, I ran a scan on my site and found that it is vulnerable to clickjacking attacks, I saw that a solution would implement the header-frame-options x HTTP, my question is how to implement this? Is it a simple html tag inserted in the header? What would this tag be?

    
asked by anonymous 30.06.2018 / 02:01

2 answers

1

Add this to PHP:

header('X-Frame-Options: SAMEORIGIN');

Particularly I added in header.php , which is included on all other pages.

Source: codeengineered

    
13.12.2018 / 16:41
0

A site has a protocol, host, and port i.e, http://exemplo.com/ is (http, exemplo.com, 80) . https://exemplo.com/ is a different site (https, exemplo.com, 443) .

To avoid this access, you can set x-frame-option to SAMEORIGIN . This means that only other pages from the same source can access, in our example case http://exemplo.com .

In the case of PHP we can set the header before the content of the page is sent. This can be done using the header function.

<?php
header('X-Frame-Options: SAMEORIGIN');
?>
    
13.12.2018 / 17:03