How to protect the Clickjacking site

Question

How to protect the Clickjacking site

Navigation

#1 by (1 votes)
#2 by (0 votes)

1

Hello, I ran a scan on my site and found that it is vulnerable to clickjacking attacks, I saw that a solution would implement the header-frame-options x HTTP, my question is how to implement this? Is it a simple html tag inserted in the header? What would this tag be?

php html html5 vulnerabilidade

asked by anonymous 30.06.2018 / 02:01

2 answers

I'm having trouble reading a variable from a service in other controllers Can anyone help me, I can not type in the input

score 1 · Answer 1

1

Add this to PHP:

header('X-Frame-Options: SAMEORIGIN');

Particularly I added in header.php , which is included on all other pages.

Source: codeengineered

13.12.2018 / 16:41

score 0 · Answer 2

A site has a protocol, host, and port i.e, http://exemplo.com/ is (http, exemplo.com, 80) . https://exemplo.com/ is a different site (https, exemplo.com, 443) .

To avoid this access, you can set x-frame-option to SAMEORIGIN . This means that only other pages from the same source can access, in our example case http://exemplo.com .

In the case of PHP we can set the header before the content of the page is sent. This can be done using the header function.

<?php
header('X-Frame-Options: SAMEORIGIN');
?>