Clickjacking protection through X-Frame-Options and STS
Posted by perusio on August 16, 2010 at 4:20am
Hello everyone,
I've used extensively the configurations available at github by omega8cc and yhager. I've added a few things myself and I will share it on github soon.
One of the things I added is clickjacking protection through the X-Frame-Options header. This is supported in modern browsers and also on IE8. Mozilla Dev Center explanation of this header.
The best thing is to add in your server context:
add_header X-Frame-Options sameorigin;Subscribe with RSS Syndicate content