Clickjacking is a well-known web application vulnerability. For example, it was used in an attack on Twitter. To defend your Apache web server against clickjacking, you can use the X-Frame-Options header. The X-Frame-Options HTTP response header indicates whether a browser should be allowed to open a page in a frame or iframe, which prevents your site's content from being embedded into other sites. Did you ever try to embed Google.com on your website as a frame? You can’t, because it’s protected, and you can protect your site too. There are three settings for X-Frame-Options:

Implement in Apache, IBM HTTP Server

Log in to the Apache or IHS server

Take a backup of the configuration file

Add the following line in the httpd.conf file

Restart the respective webserver to test the application

Implement in Shared Web Hosting

If your website is hosted on shared web hosting, then you won’t have permission to modify httpd.conf. However, you can achieve this by adding the following line in the .htaccess file. The change takes effect immediately, without a restart.

Verification

You can use any web developer tool to view Response headers. You can also use an online tool – Header Checker to verify. How did it go? If you are running an online business, then you may consider using Cloud WAF for all-in-one security protection and monitoring.
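The verification step can also be scripted. The following is an added example, not code from the original article: it audits a captured HTTP response for X-Frame-Options and flags missing, conflicting, obsolete or invalid values. The function names and the sample responses are constructed for illustration.

```python
# Added example: audit captured response headers for X-Frame-Options.
# All sample responses below are constructed, not taken from a real server.

ENFORCED = {"deny", "sameorigin"}   # values current browsers act on
OBSOLETE_PREFIX = "allow-from"      # defined in RFC 7034, ignored by current browsers


def xfo_values(raw_response):
    """Return every X-Frame-Options value in the response, lowercased.

    Repeated header lines and comma-separated lists are both flattened,
    because a header that is appended twice shows up in either form.
    """
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    values = []
    for line in head.split("\n")[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "x-frame-options":
            values += [v.strip().lower() for v in value.split(",") if v.strip()]
    return values


def audit(raw_response):
    """Classify the clickjacking header of one response."""
    distinct = set(xfo_values(raw_response))
    if not distinct:
        return "missing"                       # page can be framed by any site
    if len(distinct) > 1:
        return "conflicting"                   # fix config so one value is sent
    value = distinct.pop()
    if value in ENFORCED:
        return "ok:" + value
    if value.startswith(OBSOLETE_PREFIX):
        return "obsolete"
    return "invalid"


BASE = "HTTP/1.1 200 OK\r\nServer: Apache\r\n"
SAMPLES = {
    "protected": BASE + "X-Frame-Options: SAMEORIGIN\r\n\r\n<html></html>",
    "unprotected": BASE + "Content-Type: text/html\r\n\r\n<html></html>",
    "appended twice": BASE + "X-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\n\r\n",
    "two directives": BASE + "X-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n",
    "legacy": BASE + "X-Frame-Options: ALLOW-FROM https://partner.example/\r\n\r\n",
    "typo": BASE + "X-Frame-Options: SAME-ORIGIN\r\n\r\n",
}

if __name__ == "__main__":
    for label, response in SAMPLES.items():
        print(f"{label:15} -> {audit(response)}")
```

To check a live site, save the response headers from your browser's developer tools or from the header checker to a text file and pass its contents to audit().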
