    How to Configure X-Frame-Options in Apache

    By Rahul | April 6, 2020 | Updated: April 15, 2020

    X-Frame-Options is an HTTP response header that controls whether your site's content can be embedded into other sites. Based on its value, the browser decides whether other sites may open your web page in an iframe. Setting it also helps secure sites served by your Apache web server against clickjacking attacks.

    There are three options available to set with X-Frame-Options:

    • ‘SAMEORIGIN’ – With this setting, pages can be embedded only by the same origin. For example, the site can add an iframe of one of its own pages.
    • ‘ALLOW-FROM uri’ – Use this setting to allow a specific origin (website/domain) to embed pages of your site in an iframe. This value is obsolete and current browsers ignore it.
    • ‘DENY’ – This will not allow any website to embed your site's pages in an iframe.

    Setup X-Frame-Options with Apache Configuration

    Edit the Apache configuration file for your operating system. The configuration file can be found at:

    Debian based systems: /etc/apache2/conf-enabled/security.conf
    Red Hat based systems: /etc/httpd/conf/httpd.conf

    Now add one of the following entries to the file:

    • Allow for Same Origin (Default Action)

      Header set X-Frame-Options: "SAMEORIGIN"
      
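    • Allow from specific origin

      # ALLOW-FROM accepts a single origin, and each "Header set" replaces the
      # previous value, so keep only the one line that matches the embedding site.
      Header set X-Frame-Options: "ALLOW-FROM http://example.com/"
      Header set X-Frame-Options: "ALLOW-FROM http://www.example.com/"
      Header set X-Frame-Options: "ALLOW-FROM https://example.com/"
      Header set X-Frame-Options: "ALLOW-FROM https://www.example.com/"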
      
    • Deny to everyone

      Header set X-Frame-Options: "DENY"
      

    Save the configuration file and restart the Apache service to apply the changes.

    Setup X-Frame-Options with .htaccess

    Websites running in a shared hosting environment may not have the privileges to modify the Apache configuration. In this case, you can create a .htaccess file in the document root and add the same settings as above:

    # "set" replaces any value already present; "append" could yield conflicting values
    Header set X-Frame-Options: "SAMEORIGIN"
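
    To confirm what the server actually sends after the change, the following added example (not part of the original article) classifies the X-Frame-Options value in a raw header dump such as the output of curl -sI. The function name xfo_check, the verdict strings and the sample headers are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): classify the X-Frame-Options
# policy in a raw response-header dump, e.g.  curl -sI https://your.site/ | xfo_check

xfo_check() {
  # Reads HTTP response headers on stdin and prints a one-line verdict.
  awk '
    {
      sub(/\r$/, "")                          # tolerate CRLF line endings
      if (tolower($0) !~ /^x-frame-options[ \t]*:/) next
      sub(/^[^:]*:/, "")                      # drop the header name, keep the value
      count = split($0, parts, ",")           # repeated headers may arrive comma-joined
      for (i = 1; i <= count; i++) {
        v = parts[i]
        gsub(/^[ \t]+|[ \t]+$/, "", v)
        key = toupper(v)                      # values are compared case-insensitively
        if (key != "" && !(key in seen)) { seen[key] = 1; n++; val[n] = v; up[n] = key }
      }
    }
    END {
      if (n == 0) { print "MISSING: no X-Frame-Options header"; exit }
      if (n > 1) {                            # more than one distinct value conflicts
        list = up[1]
        for (i = 2; i <= n; i++) list = list ", " up[i]
        print "CONFLICT: " list " (browser falls back to deny)"; exit
      }
      if (up[1] == "DENY" || up[1] == "SAMEORIGIN") { print "OK: " up[1]; exit }
      # ALLOW-FROM is obsolete; flag it instead of treating it as protection.
      if (up[1] ~ /^ALLOW-FROM[ \t]/) { print "WARN: " val[1] " (ignored by current browsers)"; exit }
      print "INVALID: " val[1]
    }'
}

# Constructed sample: two configuration files each set the header with a different value.
sample_conflict() {
  printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n'
}

sample_conflict | xfo_check
```

    Run it against both the HTTP and HTTPS virtual hosts, since each may load a different configuration file.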
    

    3 Comments

    1. Biker Mike on October 1, 2021 9:51 am

      Very helpful, thank you. Note that if you are running SSL (on Debian 9, at least), you will need to change X-Frame-Options in *both* the following files:

      /etc/apache2/conf-available/security.conf
      /etc/apache2/conf-available/ssl-params.conf

      Otherwise you will get an error similar to the following (in the Chrome console):

      Refused to display ‘*****’ in a frame because it set multiple ‘X-Frame-Options’ headers with conflicting values (‘DENY, SAMEORIGIN’). Falling back to ‘deny’.

      • Lokesh Bhandari on December 17, 2021 11:33 am

        Thanks, it works for me.

    2. Rod Graham on April 13, 2021 5:15 pm

      Very useful, thank you.

      On Ubuntu 18.04 it is:

      /etc/apache2/conf-available/security.conf
