Security Headers – X-Frame-Options

In order to improve the security of your site against ClickJacking, it is recommended that you add the following header to your site:

  X-Frame-Options: SAMEORIGIN

It is supported by all browsers and prevents an attacker from embedding the content of your site in an iframe on another site.

This article from Mozilla explains it in detail: On the X-Frame-Options Security Header

Enabling this header

You can enable it by modifying your Apache settings or by inserting the following code into your .htaccess file:


  Header always append X-Frame-Options SAMEORIGIN
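
To confirm the header is actually being served after the change, the following added example (not part of the original article and not Sucuri code) classifies the X-Frame-Options value found in a response head. The function name xfo_verdict, the verdict strings and the sample headers are constructed for illustration, and treating anything other than a single DENY or SAMEORIGIN value as invalid is this example's own conservative rule.

```shell
#!/bin/sh
# Added example (hypothetical helper, not Sucuri code): read an HTTP response
# head on stdin and print a verdict for its X-Frame-Options header:
#   ok:<value>  missing  invalid:<values>
# Exit status: 0 = ok, 1 = missing, 2 = invalid.
xfo_verdict() {
  tr -d '\r' | awk '
    {
      i = index($0, ":")
      if (i == 0) next                           # status line or blank line
      if (tolower(substr($0, 1, i - 1)) != "x-frame-options") next
      # A header may repeat or carry a comma-separated list, for example when
      # "Header always append" adds to a value the application already set.
      n = split(substr($0, i + 1), parts, ",")
      for (k = 1; k <= n; k++) {
        v = tolower(parts[k])
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        if (v == "" || (v in seen)) continue     # repeated values collapse
        seen[v] = 1
        list = (list == "" ? v : list "," v)
        count++
      }
    }
    END {
      if (count == 0) { print "missing"; exit 1 }
      if (count == 1 && (list == "sameorigin" || list == "deny")) {
        print "ok:" list; exit 0
      }
      print "invalid:" list; exit 2
    }'
}

# Constructed sample response head (not captured from a real site).
xfo_verdict <<'EOF' || true
HTTP/1.1 200 OK
Content-Type: text/html
X-Frame-Options: SAMEORIGIN, SAMEORIGIN
EOF

# Against a live site (placeholder URL): curl -sI https://example.com/ | xfo_verdict
```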

Sucuri Customers

Note: this is enabled by default.
You can enable it on your WAF (along with other security headers) by setting “Additional Security Headers” to on.

If you have any questions, please contact our research team at research@sucuri.net.
