How to Protect a Site Against Clickjacking


1

Hello, I scanned my site and found that it is vulnerable to clickjacking attacks. I saw that a solution would be to implement the X-Frame-Options HTTP header; my question is, how do I implement it? Would it be a simple HTML tag inserted into the header? What would that tag be?

  • Can someone help me?

2 answers

2

Add this to PHP:

header('X-Frame-Options: SAMEORIGIN');

Specifically, I added it in header.php, which is included on all other pages.

Source: codeengineered

1

A website has a protocol, host and port, i.e., http://exemplo.com/ is (http, exemplo.com, 80). https://exemplo.com/ is a different site (https, exemplo.com, 443).

To avoid this access, you can set X-Frame-Options to SAMEORIGIN. This means that only other pages of the same origin can access it; in our example, http://exemplo.com.

In the case of PHP, we can define the header before the page content is sent. This can be done using the header function.

<?php
header('X-Frame-Options: SAMEORIGIN');
?>
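
On the question's "HTML tag" point: X-Frame-Options only takes effect as an HTTP response header, and browsers ignore it when it is written as a `<meta>` tag. The block below is an added example, not code from either answer: it sends the header from PHP together with the CSP `frame-ancestors` directive and fails loudly if output has already started. The function name `send_anti_framing_headers`, the `$allowedParents` parameter and the partner origin in the comment are assumptions made for illustration.

```php
<?php
// Added example (not from the answers above); names are hypothetical.

/**
 * Send both framing-control headers. Call this before any output,
 * because header() cannot alter a response whose headers are already sent.
 *
 * @param string[] $allowedParents extra origins allowed to frame the page,
 *                 e.g. ['https://partner.example'] (constructed value)
 */
function send_anti_framing_headers(array $allowedParents = []): void
{
    if (headers_sent($file, $line)) {
        // A silently missing header leaves the page frameable, so stop here.
        throw new RuntimeException("Output already started at $file:$line");
    }

    $sources = ["'self'"];
    foreach ($allowedParents as $origin) {
        // Accept only scheme://host[:port]. \z (not $) so a trailing
        // newline cannot slip through into the header value.
        if (!preg_match('#^https?://[a-z0-9.-]+(:\d{1,5})?\z#i', $origin)) {
            throw new InvalidArgumentException("Invalid origin: $origin");
        }
        $sources[] = $origin;
    }

    // Second argument false: append instead of replacing a CSP header the
    // application may already have set. Browsers enforce every CSP policy
    // they receive, so the extra policy can only tighten the result.
    header('Content-Security-Policy: frame-ancestors ' . implode(' ', $sources), false);

    // For browsers without frame-ancestors support. X-Frame-Options has no
    // allow-list, so SAMEORIGIN is used even when $allowedParents is set;
    // browsers that support frame-ancestors follow the CSP header instead.
    header('X-Frame-Options: SAMEORIGIN');
}

send_anti_framing_headers();
```

Placing the call in a file that every page includes, such as the header.php mentioned in the first answer, applies it site-wide; the result can be confirmed by inspecting the response headers in the browser's network tools.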
