I am using Apache server. While doing security testing, I got these error reports which says:
X-Frame-Options Header Not Set. For this I know that there are 3 types of X-Frame Options. But where do I implement the SAMEORIGIN option and how?
Header set X-Frame-Options: "SAMEORIGIN"
Tried adding the above in apache2.conf in /etc/apache2/ Tried with .htaccess file also
Restarted Apache and tried in Chrome , Developer Tools -> Networks -> Headers
No effect of new header . Please clarify how to add this header with file details.
Firstly look for .htaccess file in the html folder in the file manager (it could be par of the hidden files) and input this code
<If module mod_headers.c> Header always append X-Frame-Options SAMEORIGIN </IfModule>After that test again for Clickjacking