Wednesday, July 23, 2014

X-Frame-Options Header for Red Hat Linux and CentOS Apache Web Server (httpd)


X-Frame-Options header restricts web page's ability to open in a Frame. Opening in a frame can result a Clickjacking attack which the authentic page is open in a frame a place layer exactly on top of a login section which can capture usernames and passwords.

According to the 'X-Frame-Options response header' reference in Mozilla Developer site, There are three possible values for X-Frame-Options: