Header X-Frame-Options SAMEORIGIN not working - Apache

Dwza
July 23, 2020
95 views
0 votes
2 Answers

I have tried to add X-Frame-Options SAMEORIGIN to my server. But no matter in what way I type it into my .htaccess file, it wont show up in the console of the browser (networktab – headers). I have a testserver where I tested the .htaccess file an there it works.

I have tried to add it like:

Header set X-Frame-Options SAMEORIGIN 
Header set X-Frame-Options "sameorigin" 
Header always set X-Frame-Options SAMEORIGIN 
Header always set X-Frame-Options "sameorigin"
Header append X-Frame-Options SAMEORIGIN 
Header append X-Frame-Options "sameorigin"
Header always append X-Frame-Options SAMEORIGIN 
Header always append X-Frame-Options "sameorigin"

None of these entries worked. Its like they warent even there. Of course I tried one by one for those who think that my .htaccess looks like sample above 🙂

Other sections of my .htaccess show effekts so the apache can and is reading the file.

Why this option has no effekt?

Answers

Chosen as BEST ANSWER
- Dwza
- July 23, 2020 at 3:06 pm
- 0 votes
0
I found the issue. Obviously my server runs FCGI so my .htaccess will be overwritten everytime. I had to add these header in my PHP file.

(Edit)

- alpham8
- July 23, 2020 at 3:15 pm
- 0 votes
0
Your web server seems not to allow those changes at .htaccess level, add the X-Frame options to your apache’s vhost config for this domain or change the permission in the location section in the vhost config to allow proper X-Frame settings at your .htaccess project’s level.

Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.

Header X-Frame-Options SAMEORIGIN not working – Apache

Answers