X-Frame-Options Header Not Set: How do I set it? - Apache - PhpOut

Nicole
February 2, 2021
151 views
1 vote
2 Answers

I am using Apache server for Wamp application. While doing security testing, I got these error reports which says:

X-Frame-Options Header Not Set.
For this I know that there are 3 types of X-Frame Options. But where do I implement the SAMEORIGIN option and how?
X-Content-Type-Options Header Missing.

What do I need to do to solve these?
Thank you.

Tags: apache php security x-content-type-options x-frame-options

Answers

- Exampleperson
- February 2, 2021 at 7:38 am
- 0 votes
0
Set the following headers:
```
X-Frame-Options: SAMEORIGIN
X-Content-Type-options: nosniff
```
Since you are using Apache, add the following to the apache config:
```
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options nosniff
```
The above won’t do anything for a local test server. But, you should always set them in public production servers.

Remember: Even though it doesn’t do anything for local servers, you could develop your website with this environment, so that it doesn’t suffer when you release it on production.
Login or Signup to reply.

- AzzamDaaboul
- June 27, 2022 at 3:36 pm
- 0 votes
0
Since you are using Apache, add the following to the apache config:
```
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options nosniff
```
Works perfect!
Login or Signup to reply.

Please signup or login to give your own answer.

Click here to cancel reply.