Security Hub

Bring your software development workflows to security


Click jacking protection

Signals & Triggers

On HTTP request

Actions

  • Set the HTTP header

Details

The X-Frame-Options response header improves the protection of web applications against clickjacking. It declares a policy from a host to the client browser on whether it can display the transmitted content in frames of other web pages.

Setting an X-Frame-Options header in your application prevents someone from wrapping your site in a page of their own and displaying your page in an iframe. Such a wrapper allows attackers to force your users to click on some part of your website while it is hidden in an iframe (these are known as clickjacking attacks).

You can either completely block rendering of your site inside a frame by setting this header to DENY, allow it to be rendered by other pages on the same server with SAMEORIGIN, or specify a list of whitelisted domains with ALLOW-FROM.

Advanced details

This plugin can automatically set the X-Frame-Options header to the configured value in HTTP responses.

Sqreen instruments the HTTP server running in your application. We can automatically inject the header at runtime without requiring any code change or deployment.

The value and the plugin status can be changed in just a couple of clicks from this page.
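The header injection described above, sketched for Node.js as an added example; it is not Sqreen's code, and `frameOptionsValue`, `withFrameOptions`, `fakeResponse` and the `app` handler are hypothetical names. It validates the configured value and wraps an existing request handler so the handler itself stays unchanged.

```javascript
// Added example (not Sqreen's code): inject X-Frame-Options from a wrapper
// around a Node.js request handler. All function names are hypothetical.

const SIMPLE_POLICIES = new Set(['DENY', 'SAMEORIGIN']);

// Turn a configured policy into a header value, rejecting anything malformed
// so a typo fails at startup instead of silently disabling the protection.
function frameOptionsValue(policy, allowFromOrigin) {
  const name = String(policy).trim().toUpperCase();
  if (SIMPLE_POLICIES.has(name)) return name;
  if (name === 'ALLOW-FROM') {
    const url = new URL(allowFromOrigin); // throws on a malformed origin
    if (!['http:', 'https:'].includes(url.protocol)) {
      throw new Error(`ALLOW-FROM needs an http(s) origin, got ${allowFromOrigin}`);
    }
    return `ALLOW-FROM ${url.origin}`; // scheme://host[:port] only, no path
  }
  throw new Error(`unsupported X-Frame-Options policy: ${policy}`);
}

// Wrap a (req, res) handler; the handler itself needs no change.
function withFrameOptions(handler, policy, allowFromOrigin) {
  const value = frameOptionsValue(policy, allowFromOrigin);
  return (req, res) => {
    res.setHeader('X-Frame-Options', value);
    return handler(req, res);
  };
}

// Constructed stand-in for http.ServerResponse so the demo runs offline.
function fakeResponse() {
  const headers = {};
  return {
    headers,
    body: '',
    setHeader(name, v) { headers[name.toLowerCase()] = v; },
    end(text) { this.body = text; },
  };
}

// Existing application handler, unaware of the header.
const app = (req, res) => res.end('account settings');

const res = fakeResponse();
withFrameOptions(app, 'sameorigin')({ url: '/settings' }, res);
console.log(res.headers); // real use: http.createServer(withFrameOptions(app, 'SAMEORIGIN'))
```

Current browsers ignore ALLOW-FROM, which carries a single origin per response; the Content-Security-Policy `frame-ancestors` directive is the supported way to permit specific framing origins.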

Language support

  • Node.js
  • PHP
  • Ruby
  • Python
  • Java

Data collected by Sqreen

No data collected

