@rakibulinux
Created January 19, 2020 17:57
X-Frame-Options - How to Combat Clickjacking on cPanel
#1. deny directive
#The deny directive completely disables loading of the page in a frame, regardless of which site is trying. Below is what the response header will look like if this is enabled.
X-Frame-Options: deny
#2. sameorigin directive
#The sameorigin directive allows the page to be loaded in a frame on the same origin as the page itself. Below is what the response header will look like if this is enabled.
X-Frame-Options: sameorigin
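#3. allow-from uri directive
#The allow-from uri directive allows the page to be loaded in a frame only on the specified origin and/or domain. Below is what the response header will look like if this is enabled. Note that allow-from is obsolete and current browsers ignore it; the Content-Security-Policy frame-ancestors directive is the supported way to allow specific origins.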
X-Frame-Options: allow-from https://www.sportszion.com/
#Enable on Nginx
#To enable the X-Frame-Options header on Nginx simply add it to your server block config.
add_header X-Frame-Options "sameorigin" always;
#Enable on Apache
#To enable on Apache, add it to your httpd.conf file (the Apache config file). This requires mod_headers to be loaded.
Header always set X-Frame-Options "sameorigin"
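#Added example (not part of the original gist): a Python check that classifies the X-Frame-Options value in a response after the Nginx or Apache change above, covering the three directives described earlier plus the missing, duplicated and invalid cases. The function names and sample responses are constructed for illustration.

```python
# Added example: names and sample responses below are constructed.

def parse_headers(raw):
    """Parse a raw HTTP response head into (lowercased name, value) pairs."""
    pairs = []
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the header block
        name, _, value = line.partition(":")
        pairs.append((name.strip().lower(), value.strip()))
    return pairs


def audit_xfo(raw):
    """Return (verdict, detail) for the X-Frame-Options policy in a response."""
    values = []
    for name, value in parse_headers(raw):
        if name == "x-frame-options":
            # Repeated headers are often merged into one comma-joined value.
            values += [v.strip().lower() for v in value.split(",") if v.strip()]
    if not values:
        return ("missing", "no X-Frame-Options header in this response")
    if len(set(values)) > 1:
        return ("conflict", "header set with different values: " + ", ".join(values))
    value = values[0]
    if value == "deny":
        return ("ok", "framing blocked for every origin")
    if value == "sameorigin":
        return ("ok", "framing allowed only from the page's own origin")
    if value.startswith("allow-from"):
        return ("weak", "allow-from is obsolete; current browsers ignore it")
    return ("invalid", "unrecognised value: " + value)


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "sameorigin": "HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Frame-Options: sameorigin\r\n\r\n",
    "allow-from": "HTTP/1.1 200 OK\r\nX-Frame-Options: allow-from https://www.sportszion.com/\r\n\r\n",
    "duplicate": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nX-Frame-Options: sameorigin\r\n\r\n",
    "missing": "HTTP/1.1 404 Not Found\r\nServer: nginx\r\n\r\n",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, audit_xfo(raw))
```

#The "duplicate" case is worth checking when both a cPanel-level config and an application set the header, since the two values can then disagree.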