There is an apache server hosting some website written in PHP and is accessible thru internet. How do configure the apache to resolve 'Missing Cross-Frame Scripting Defence' and can 'Missing Cross-Frame Scripting Defence' warning be ignored?
-
Same note as your previous question: I think this is better to ask in SuperUser website.user45139– user451392015-09-04 06:33:58 +00:00Commented Sep 4, 2015 at 6:33
-
1I think that this question is better suitable for ServerFault than SuperUser.Vilican– Vilican2015-09-04 16:06:10 +00:00Commented Sep 4, 2015 at 16:06
-
dear moderators, please enlighten me if I should ask in SuperUser or ServerFault. thank you.user275517– user2755172015-09-08 09:09:40 +00:00Commented Sep 8, 2015 at 9:09
-
I'd suggest SuperUser - see how it goes.Rory Alsop– Rory Alsop ♦2015-09-08 14:25:42 +00:00Commented Sep 8, 2015 at 14:25
Add a comment
|
1 Answer
You need to send an X-Frame-Options header, usually with the value "sameorigin". You can do this in Apache using mod_headers, something like:
Header set X-Frame-Options sameorigin
