X-Frame-Options Header Not Set: How do I set it?


I am using an Apache server for a WAMP application. While doing security testing, I got these error reports, which say:

  1. X-Frame-Options Header Not Set. For this I know that there are 3 types of X-Frame Options. But where do I implement the SAMEORIGIN option and how?

  2. X-Content-Type-Options Header Missing.

What do I need to do to solve these? Thank you.

2

There are 2 answers

6
Example person On BEST ANSWER

Set the following headers:

X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff

Since you are using Apache, add the following to the Apache config:

Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options nosniff

The above won't do anything for a local test server. But you should always set them on public production servers.

Remember: Even though it doesn't do anything for local servers, you could develop your website with this environment, so that it doesn't suffer when you release it on production.

0
Azzam Daaboul On

Since you are using Apache, add the following to the Apache config:

Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options nosniff

Works perfectly!
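To confirm the change took effect after restarting Apache, re-check the response headers the scanner complained about. The following is an added example, not part of either answer: a small Python checker for the two headers, run against constructed sample responses (`audit_headers` and the sample strings are hypothetical names).

```python
from email.parser import Parser  # header names are matched case-insensitively

# Values accepted for the two headers flagged in the question.
EXPECTED = {
    "X-Frame-Options": {"SAMEORIGIN", "DENY"},
    "X-Content-Type-Options": {"NOSNIFF"},
}

def audit_headers(raw_response: str) -> dict:
    """Return {header: finding} for a raw HTTP response (status line + headers)."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    _status, _, header_block = head.partition("\n")  # drop the status line
    msg = Parser().parsestr(header_block, headersonly=True)
    findings = {}
    for name, allowed in EXPECTED.items():
        values = [v.strip().upper() for v in msg.get_all(name, [])]
        if not values:
            findings[name] = "missing"
        elif len(set(values)) > 1:
            # e.g. the application and the server config each set the header
            findings[name] = "conflicting values: " + ", ".join(values)
        elif values[0] not in allowed:
            findings[name] = "unexpected value: " + values[0]
        else:
            findings[name] = "ok"
    return findings

# Constructed sample responses (not captured from a real server).
BEFORE = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n<html></html>"
AFTER = (
    "HTTP/1.1 200 OK\r\n"
    "Server: Apache\r\n"
    "x-frame-options: SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
)
MISCONFIGURED = (
    "HTTP/1.1 200 OK\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Frame-Options: ALLOWALL\r\n"
    "X-Content-Type-Options: no-sniff\r\n"
    "\r\n"
)

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER), ("misconfigured", MISCONFIGURED)):
        print(label, audit_headers(raw))
```

The `Header` directive is provided by mod_headers, so if both headers still report as missing after a restart, check that the module is loaded.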