
I am using an Apache server for a WAMP application. While doing security testing, I got these error reports, which say:

  1. X-Frame-Options Header Not Set.
    For this I know that there are 3 types of X-Frame Options. But where do I implement the SAMEORIGIN option and how?

  2. X-Content-Type-Options Header Missing.

What do I need to do to solve these?
Thank you.

2 Answers


  1. Set the following headers:

    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    

    Since you are using Apache, add the following to the apache config:

    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options nosniff
    

    The above won’t do anything for a local test server. But, you should always set them in public production servers.

    Remember: Even though it doesn’t do anything for local servers, you could develop your website with this environment, so that it doesn’t suffer when you release it on production.

  2. Since you are using Apache, add the following to the apache config:

    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options nosniff
    

    Works perfect!

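To confirm that the `Header always set` directives from the answers above are actually reaching clients, the response head can be audited for both headers. This is an added example, not code from the original posts; the function names and the sample responses are constructed for illustration.

```python
# Added example: audit a raw HTTP response head for the two headers in question.
VALID_XFO = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete in modern browsers

def parse_headers(raw):
    """Return {lowercased-name: [values]} from a raw response head."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line.strip():
            break                          # blank line ends the header section
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return a list of findings; an empty list means both headers are set correctly."""
    h = parse_headers(raw)
    findings = []
    xfo = h.get("x-frame-options", [])
    if not xfo:
        findings.append("X-Frame-Options missing")
    elif len(xfo) > 1 or "," in xfo[0]:
        # Typically caused by the header being set in more than one place.
        findings.append("X-Frame-Options sent more than once")
    elif xfo[0].upper() not in VALID_XFO:
        findings.append("X-Frame-Options has unsupported value: " + xfo[0])
    xcto = h.get("x-content-type-options", [])
    if not xcto:
        findings.append("X-Content-Type-Options missing")
    elif any(v.lower() != "nosniff" for v in xcto):
        findings.append("X-Content-Type-Options is not 'nosniff'")
    return findings

# Constructed sample responses (not captured from a real server).
BEFORE = "HTTP/1.1 200 OK\r\nServer: Apache\r\nContent-Type: text/html\r\n\r\n"
AFTER = ("HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Frame-Options: SAMEORIGIN\r\n"
         "x-content-type-options: nosniff\r\nContent-Type: text/html\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER)):
        print(label, audit(raw) or "OK")
```

The input can be the output of `curl -sI` against the site after Apache has been restarted with the new configuration.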