Security Plugins Hub

Bring your software development workflows to security


Click jacking protection

Signals & Triggers

On HTTP request


  • Set the header Set the header


The X-Frame-Options response header improves the protection of web applications against clickjacking. It declares a policy from a host to the client browser on whether it can display the transmitted content in frames of other web pages.

Setting an X-Frame-Options header in your application protects it from someone creating a wrapper around your site doing whatever they want and displaying your page in an iframe. This allows attackers to force your users to click on some part of your website, while hidden in an iframe (these are known as clickjacking attacks).

You can either choose to completely block rendering your site inside a frame by setting this header to DENY, allow it to be rendered by other pages on the same server with SAMEORIGIN or, you can specify a list of whitelisted domains with ALLOW-FROM.

Advanced details

This plugin can automatically set the X-Frame-Options header to the configured value in HTTP responses.

Sqreen instruments the HTTP server running in your application. We can automatically inject the header at runtime without requiring any code change nor deployment.

The value and the plugin status can be changed in just a couple of clicks from this page.

Language support

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java

Data collected by Sqreen


No data collected

Built for developers and modern apps

Get up and running in minutes just by installing our lightweight library. Enable plugins in just a couple of clicks.

  • Ruby
  • Node.js
  • PHP
  • Python
  • Java
  • Go
  • .net
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9

$ echo "gem 'sqreen'" >> Gemfile

$ bundle install

$ echo "token: your token" > config/sqreen.yml

$ npm install --save sqreen

$ echo '{ "token": "your token" }' > sqreen.json

$ curl -s > && bash your token

$ pip install sqreen

$ echo -e "[sqreen]\ntoken: your token" > sqreen.ini

$ curl -o sqreen.jar

Request your beta access for the Go agent Request beta
Get notified when the .net agent releases Notify me

Build amazing products. Keep them safe.

5 min installation · Try all features for 14 days · No credit card required Sign up Request demo