Add this to PHP:
header('X-Frame-Options: SAMEORIGIN');
In particular, I added it in header.php, which is included on all other pages.
Source: codeengineered
A site has a protocol, host, and port, i.e., http://exemplo.com/ is (http, exemplo.com, 80). https://exemplo.com/ is a different site (https, exemplo.com, 443).
To prevent this access, you can set X-Frame-Options to SAMEORIGIN. This means that only other pages from the same origin can access it, in our example http://exemplo.com.
In the case of PHP, we can set the header before the content of the page is sent. This can be done using the header function.
<?php
header('X-Frame-Options: SAMEORIGIN');
?>
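The following is an added example, not code from the original post. It shows the (protocol, host, port) comparison described above and a guard that reports when the header cannot be sent because output has already started. The function names origin_of, same_origin and send_frame_policy are hypothetical, and the Content-Security-Policy frame-ancestors line is an addition beyond the X-Frame-Options header the page uses.

```php
<?php
// Added example; all function names here are hypothetical.

/** Return the [scheme, host, port] tuple of a URL, filling in default ports. */
function origin_of(string $url): ?array
{
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null; // not an absolute URL
    }
    $scheme   = strtolower($parts['scheme']);
    $defaults = ['http' => 80, 'https' => 443];
    $port     = $parts['port'] ?? ($defaults[$scheme] ?? null);
    if ($port === null) {
        return null; // unknown scheme without an explicit port
    }
    return [$scheme, strtolower($parts['host']), (int) $port];
}

/** Two URLs share an origin only if scheme, host and port all match. */
function same_origin(string $a, string $b): bool
{
    $originA = origin_of($a);
    return $originA !== null && $originA === origin_of($b);
}

/** Send the framing policy; return false if output has already started. */
function send_frame_policy(): bool
{
    if (headers_sent($file, $line)) {
        // header() can no longer take effect, so make the failure visible.
        error_log("X-Frame-Options not sent: output started at $file:$line");
        return false;
    }
    header('X-Frame-Options: SAMEORIGIN');
    // Newer equivalent; 'false' appends instead of replacing an existing CSP header.
    header("Content-Security-Policy: frame-ancestors 'self'", false);
    return true;
}

// Call before any HTML, whitespace or echo reaches the client.
send_frame_policy();

// The page's own example URLs, plus one with an explicit default port.
var_dump(same_origin('http://exemplo.com/', 'https://exemplo.com/'));
var_dump(same_origin('http://exemplo.com/', 'http://exemplo.com:80/page'));
```

A quick check after deployment is to request any page and confirm the X-Frame-Options header appears in the response headers; if it is missing, the error log entry points at the file and line where output began.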