Security Hub

Bring your software development workflows to security


Clickjacking protection

Signals & Triggers

On HTTP request


  • Set the HTTP header


The X-Frame-Options response header improves the protection of web applications against clickjacking. It declares a policy, sent from the host to the client browser, on whether the browser may display the transmitted content in frames of other web pages.

Setting an X-Frame-Options header in your application protects it from someone wrapping your site in a page of their own and displaying it in an iframe. Framing of this kind lets attackers trick your users into clicking on some part of your website while it is hidden in an iframe (these are known as clickjacking attacks).

You can completely block rendering of your site inside a frame by setting this header to DENY, allow it to be rendered by other pages on the same server with SAMEORIGIN, or specify a list of whitelisted domains with ALLOW-FROM.

Advanced details

This plugin can automatically set the X-Frame-Options header to the configured value in HTTP responses.

Sqreen instruments the HTTP server running in your application. We can automatically inject the header at runtime without any code change or deployment.

The value and the plugin status can be changed in just a couple of clicks from this page.
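
One way to apply the header at runtime around an existing Node.js request listener, shown as an added example (it is not Sqreen's code and not part of the original page). The names `frameOptionsValue`, `withFrameOptions`, `fakeResponse` and `demo` are assumptions made for illustration, and the response object is a constructed stand-in.

```javascript
const HEADER = 'X-Frame-Options';
// Validate the configured policy and return the exact header value to send.
function frameOptionsValue(policy) {
  const text = String(policy).trim();
  if (/^(DENY|SAMEORIGIN)$/i.test(text)) return text.toUpperCase();
  // RFC 7034: ALLOW-FROM carries one origin; current browsers ignore it.
  const m = /^ALLOW-FROM\s+(\S+)$/i.exec(text);
  if (m) {
    const url = new URL(m[1]); // throws on a malformed URI
    if (/^https?:$/.test(url.protocol)) return 'ALLOW-FROM ' + url.origin;
  }
  throw new Error('unsupported ' + HEADER + ' policy: ' + text);
}

// Wrap a request listener so the header is (re)applied as headers are written.
function withFrameOptions(handler, policy) {
  const value = frameOptionsValue(policy); // reject a bad config at startup
  return function (req, res) {
    const writeHead = res.writeHead;
    res.writeHead = function (...args) {
      const extra = args[args.length - 1];
      if (extra && typeof extra === 'object') { // headers given as an object
        for (const k of Object.keys(extra)) if (/^x-frame-options$/i.test(k)) delete extra[k];
      }
      res.setHeader(HEADER, value);
      return writeHead.apply(this, args);
    };
    return handler(req, res);
  };
}

// Constructed stand-in for http.ServerResponse so the example runs offline.
function fakeResponse() {
  return {
    sent: {},
    setHeader(name, v) { this.sent[name.toLowerCase()] = v; },
    writeHead(status, extra = {}) {
      for (const [k, v] of Object.entries(extra)) this.sent[k.toLowerCase()] = v;
      return this;
    },
  };
}

// Hypothetical handler that sends its own, weaker framing policy.
function demo() {
  const res = fakeResponse();
  withFrameOptions((req, r) => r.writeHead(200, { 'x-frame-options': 'SAMEORIGIN' }), 'deny')({}, res);
  return res.sent['x-frame-options'];
}
```

With a real server, the wrapped listener is what gets passed to `http.createServer`; Node calls `writeHead` itself when a handler never does, so the hook still runs.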

Language support

  • Node.js
  • PHP
  • Ruby
  • Python
  • Java

Data collected by Sqreen

No data collected
