Secure Nginx from Clickjacking with X-FRAME-OPTIONS

The X-Frame-Options HTTP response header tells the browser whether the page that carries it may be rendered inside a frame or iframe. It is set on the page you want to protect from being embedded (the clickjacking target), not on the attacker's page, and it takes one of three values:
  • SAMEORIGIN: the page may be framed only by pages from the same origin as the page itself (current browsers check every ancestor frame, not just the top-level page).
  • DENY: the page may not be framed at all, even by a page from the same origin.
  • ALLOW-FROM uri: the page may be framed only by the specified origin. This value is obsolete: only Internet Explorer and old Firefox versions implemented it, and modern browsers that do not recognise it ignore the header completely, which leaves the page framable. To allow-list a single framing origin, use the Content-Security-Policy frame-ancestors directive instead.
Add the following directive inside the server block of nginx.conf (or of the site's file under conf.d or sites-enabled), check the configuration with nginx -t, and reload nginx:
add_header X-Frame-Options "SAMEORIGIN";
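Two nginx behaviours silently undo that single line, so the server block below is added here as a fuller example (it is not from the original post): add_header without the always parameter is only attached to 2xx and 3xx responses, so error pages stay framable, and a location block that declares any add_header of its own stops inheriting the ones set at server level. The server name example.com, the upstream 127.0.0.1:8080 and the /static/ location are assumptions for illustration.

```nginx
# Added example, not from the original post. example.com, the upstream
# address and the /static/ location are assumed for illustration.
server {
    listen 80;
    server_name example.com;

    # WEAK: the header is only added to 2xx/3xx responses, so a 404 or 500
    # page can still be framed, and it is dropped in any location block that
    # sets an add_header of its own.
    # add_header X-Frame-Options "SAMEORIGIN";

    # Hardened: "always" (nginx 1.7.5+) attaches the header to every
    # response, including error pages.
    add_header X-Frame-Options "SAMEORIGIN" always;
    # Modern equivalent; browsers enforce frame-ancestors and ignore
    # X-Frame-Options when both are present. Replaces the obsolete ALLOW-FROM
    # when a specific framing origin has to be allow-listed.
    add_header Content-Security-Policy "frame-ancestors 'self'" always;

    location / {
        proxy_pass http://127.0.0.1:8080;   # assumed application upstream
    }

    location /static/ {
        root /var/www/example;              # assumed document root
        # add_header is inherited only if this block sets none itself; the
        # Cache-Control line below would otherwise silently drop the
        # anti-framing headers for everything under /static/.
        add_header Cache-Control "public, max-age=3600";
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header Content-Security-Policy "frame-ancestors 'self'" always;
    }
}
```

Verify after reloading with curl -sI http://example.com/ | grep -i -e x-frame-options -e content-security-policy, and repeat the check against a path that returns 404 and against a path under /static/, since those are exactly the responses the weak configuration leaves unprotected.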
