Bring your software development workflows to security
The X-Frame-Options response header improves the protection of web applications against clickjacking. It declares a policy from a host to the client browser on whether it can display the transmitted content in frames of other web pages.
Setting an X-Frame-Options header in your application protects it from someone creating a wrapper around your site doing whatever they want and displaying your page in an iframe. This allows attackers to force your users to click on some part of your website, while hidden in an iframe (these are known as clickjacking attacks).
You can either choose to completely block rendering your site inside a frame by setting this header to
DENY, allow it to be rendered by other pages on the same server with
SAMEORIGIN or, you can specify a list of whitelisted domains with
This plugin can automatically set the
X-Frame-Options header to the configured value in HTTP responses.
Sqreen instruments the HTTP server running in your application. We can automatically inject the header at runtime without requiring any code change nor deployment.
The value and the plugin status can be changed in just a couple of clicks from this page.
No data collected