Add X-Frame-Options in HTTP header to secure NGINX from Clickjacking attack
Clickjacking is a well-known web application vulnerability.
Setting the X-Frame-Options header prevents your site's content from being embedded in other sites.
Have you ever tried to embed Google.com on your website as a frame?
You can't because it's protected, and you can protect your site too.
There are three tweaks for X-Frame-Options:
Note: you may also try CSP frame-ancestors to control content embedding.
It should look like this.
Alternatively, you can also use an HTTP Header online tool to verify this.
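The same verification can be run offline. The following is an added example, not code from the original article: it parses a raw response header block and reports whether X-Frame-Options or CSP frame-ancestors is set to a usable value. The function names and the sample responses are constructed for illustration.

```python
# Added example: offline check of clickjacking-related response headers.
# The sample header blocks are constructed, not captured from a real server.
SAMPLE_OK = "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Frame-Options: SAMEORIGIN\r\n"
SAMPLE_CONFLICT = "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nX-Frame-Options: ALLOW-FROM https://example.com\r\n"

XFO_VALUES = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete in current browsers


def parse_headers(raw):
    """Return (lowercased name, value) pairs from a raw response header block."""
    pairs = []
    for line in raw.strip().splitlines()[1:]:  # skip the status line
        if ":" in line:
            name, value = line.split(":", 1)
            pairs.append((name.strip().lower(), value.strip()))
    return pairs


def frame_ancestors(pairs):
    """Return the source list of the first CSP frame-ancestors directive, or None."""
    for name, value in pairs:
        if name != "content-security-policy":
            continue
        for directive in value.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                return tokens[1:]
    return None


def check_framing(raw):
    """Classify a response as 'protected', 'review' or 'unprotected'."""
    pairs = parse_headers(raw)
    ancestors = frame_ancestors(pairs)
    if ancestors is not None:
        # Browsers that support frame-ancestors apply it instead of X-Frame-Options.
        return "unprotected" if "*" in ancestors else "protected"
    xfo = [value.upper() for name, value in pairs if name == "x-frame-options"]
    if not xfo:
        return "unprotected"
    # Conflicting duplicates, ALLOW-FROM or misspelled values need a manual look.
    if len(set(xfo)) == 1 and xfo[0] in XFO_VALUES:
        return "protected"
    return "review"


if __name__ == "__main__":
    print(check_framing(SAMPLE_OK), check_framing(SAMPLE_CONFLICT))
```

To check a live server, paste the header block from the response into `check_framing` in place of the constructed samples.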
I hope this helps.
For more on security, check out my Nginx Hardening & Security guide.
This is just one of the hundreds of security fixes for a website.