TWA 0206
Thomas Young-Audet edited this page Jun 8, 2020 · 1 revision
"X-Frame-Options is 'sameorigin', consider 'deny'"
The X-Frame-Options header provides clickjacking protection to your site's users by not allowing the page to be rendered in a frame. The sameorigin directive limits the page to being displayed only in a frame from the same origin as the page itself. This is relatively safe, but not good enough for twa.
The X-Frame-Options header is easy to change: it only requires a small web server configuration modification. For more information about implementation, visit MDN.
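The check behind this finding, as an added example that is not twa's own code: it classifies the X-Frame-Options value of a response (sample headers below are constructed) and reports the 'sameorigin, consider deny' warning alongside the neighbouring cases a scanner also has to handle.

```python
"""Added example (not part of the twa project): classify the X-Frame-Options
header of an HTTP response the way the TWA 0206 check above describes."""
from typing import Dict, Optional

# Constructed sample responses; header names must match case-insensitively.
SAMPLE_RESPONSES = {
    "missing": {"Content-Type": "text/html"},
    "sameorigin": {"x-frame-options": "SAMEORIGIN"},
    "deny": {"X-Frame-Options": "deny"},
    "allow-from": {"X-Frame-Options": "ALLOW-FROM https://example.test"},
    "invalid": {"X-Frame-Options": "allowall"},
}


def get_header(headers: Dict[str, str], name: str) -> Optional[str]:
    """Return a header value using a case-insensitive name lookup."""
    wanted = name.lower()
    for key, value in headers.items():
        if key.lower() == wanted:
            return value
    return None


def assess_x_frame_options(headers: Dict[str, str]) -> str:
    """Map an X-Frame-Options value to a finding. Only 'deny' passes;
    'sameorigin' raises the warning discussed above; anything else is worse."""
    raw = get_header(headers, "X-Frame-Options")
    if raw is None:
        return "missing: page can be framed by any origin"
    # Some servers emit the header more than once; the values arrive
    # comma-joined. Flag that rather than guess which one a browser honours.
    values = [v.strip().lower() for v in raw.split(",") if v.strip()]
    if len(values) > 1:
        return "conflicting: multiple values, emit a single 'deny' instead"
    value = values[0]
    if value == "deny":
        return "ok: deny"
    if value == "sameorigin":
        return "warn: X-Frame-Options is 'sameorigin', consider 'deny'"
    if value.startswith("allow-from"):
        return "warn: allow-from is obsolete and ignored by modern browsers"
    return "invalid: unrecognised value, browsers ignore the header"


def assess_all() -> Dict[str, str]:
    """Run the check over every constructed sample response."""
    return {name: assess_x_frame_options(h) for name, h in SAMPLE_RESPONSES.items()}


if __name__ == "__main__":
    for name, finding in assess_all().items():
        print(f"{name:12} {finding}")
```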