Use X-Frame-Options and Content-Security-Policy with PHP
Most of today's browsers can help protect your site from malicious attacks if you tell them to. One method that is almost universally supported is setting the X-Frame-Options header. When this header is set, the browser does not allow other sites to display your site in an iframe. This protects against clickjacking attacks and should be used on all sensitive pages, such as the login page.
// Adds X-Frame-Options to HTTP header so that page can only be shown in an iframe of the same site.
header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+
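The title also names Content-Security-Policy; its `frame-ancestors` directive is the CSP counterpart of X-Frame-Options. The helper below is an added example, not code from the original post, that sends both headers together; the function names and the partner origin in the comment are hypothetical.

```php
<?php
declare(strict_types=1);

/**
 * Build the anti-framing headers for one response (hypothetical helper).
 * $allowedParents: extra https origins that may embed the page, e.g.
 * ['https://partner.example'] (constructed sample value).
 */
function framingHeaders(array $allowedParents = []): array
{
    $sources = ["'self'"];
    foreach ($allowedParents as $origin) {
        $p = parse_url($origin);
        // Accept only a bare https origin: no path, query, fragment or userinfo.
        if ($p === false || ($p['scheme'] ?? '') !== 'https' || empty($p['host'])
            || array_diff(array_keys($p), ['scheme', 'host', 'port'])
            || !preg_match('/^[a-z0-9.-]+$/i', $p['host'])) {
            throw new InvalidArgumentException("Not a bare https origin: $origin");
        }
        $sources[] = 'https://' . strtolower($p['host'])
            . (isset($p['port']) ? ':' . $p['port'] : '');
    }
    return [
        // Fallback for browsers without frame-ancestors support. It cannot
        // list other origins, so those browsers get same-site framing only.
        'X-Frame-Options' => 'SAMEORIGIN',
        // Per the CSP specification, browsers that support frame-ancestors
        // enforce it and ignore X-Frame-Options on the same response.
        'Content-Security-Policy' => 'frame-ancestors ' . implode(' ', $sources),
    ];
}

function sendFramingHeaders(array $allowedParents = []): void
{
    // Headers must go out before any body output, or they are silently lost.
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line");
    }
    foreach (framingHeaders($allowedParents) as $name => $value) {
        // Append CSP instead of replacing it, so a policy set earlier in the
        // request survives (multiple CSP headers are all enforced).
        header("$name: $value", $name !== 'Content-Security-Policy');
    }
}

// Sensitive page such as the login page: same-site framing only.
sendFramingHeaders();
```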