Implement X-FRAME-OPTIONS in HTTP headers to prevent Clickjacking attacks in Apache


The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.


Edit your Apache configuration file/etc/apache2/httpd.conf and add the following to your VirtualHost.

# Load the headers module
LoadModule headers_module modules/

<VirtualHost *:443>
    # X-Frame-Options to prevent clickjacking attacks
    Header always append X-Frame-Options DENY

Reload Apache

[root@nowherelan]# systemctl reload httpd.service

Go to Geek Flare’s Test Site and test your site . The output will tell you if you have everything correct.

My System Configuration

  • CentOS 7
  • Apache 2.4


Leave a Reply

Your email address will not be published. Required fields are marked *