How to prevent a website from clickjacking?

Created: 2017-05-26 23:15:41 UTC

Modified: 2017-08-16 17:34:33 UTC


Applicable to:

  • Plesk Onyx for Linux

Question

How can clickjacking be prevented using Apache/nginx directives on a Plesk server?

Answer

There are 3 ways to configure it. To prevent clickjacking, the X-Frame-Options header must be declared under Domains > example.com > Apache & nginx Settings as follows:

  1. Standalone Apache:
    Additional directives for HTTP:

    Header set X-Frame-Options DENY

    Additional directives for HTTPS:

    Header set X-Frame-Options DENY
  2. Standalone nginx:
    Additional nginx directives:

    add_header X-Frame-Options DENY always;
  3. Apache with nginx as reverse proxy server:
    Additional nginx directives:

    location ~ {
        add_header x-frame-options "DENY" always;
    }

    In this case, additional Apache directives for HTTP/HTTPS will not be applied.
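To confirm the header is actually served after applying one of the configurations above, the following added example (not part of the original article) checks raw response headers for exactly one X-Frame-Options: DENY. The function name check_xfo and the sample responses are constructed for illustration; the 404 sample shows a response where the header is not attached to an error page, the case the always parameter in the nginx directives covers.

```shell
#!/bin/sh
# Added example (not from the original article): check response headers for
# exactly one X-Frame-Options header whose value is DENY.

# check_xfo: reads raw response headers on stdin, prints a verdict, and
# returns 0 only when the header is present once with the value DENY.
check_xfo() {
    local values count
    # Header names are case-insensitive, so compare in lower case;
    # HTTP header lines end in CRLF, so strip the CR first.
    values=$(tr -d '\r' | awk '{
        i = index($0, ":"); if (i == 0) next    # skips status and blank lines
        name = tolower(substr($0, 1, i - 1))
        val = toupper(substr($0, i + 1))
        gsub(/^[ \t]+|[ \t]+$/, "", val)
        if (name == "x-frame-options") print val
    }')
    if [ -z "$values" ]; then
        echo "MISSING"; return 1
    fi
    count=$(printf '%s\n' "$values" | grep -c .)
    if [ "$count" -gt 1 ]; then
        echo "DUPLICATE ($count headers)"; return 1
    fi
    if [ "$values" = "DENY" ]; then
        echo "OK"; return 0
    fi
    echo "UNEXPECTED ($values)"; return 1
}

# Constructed sample responses (not captured from a real server).
sample_ok()  { printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nx-frame-options: DENY\r\n\r\n'; }
sample_404() { printf 'HTTP/1.1 404 Not Found\r\nServer: nginx\r\n\r\n'; }
sample_dup() { printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n'; }

echo "200 response: $(sample_ok  | check_xfo)"
echo "404 response: $(sample_404 | check_xfo)"
echo "two headers:  $(sample_dup | check_xfo)"

# Against a live site (example.com is the article's placeholder domain):
#   curl -sI http://example.com/  | check_xfo
#   curl -sI https://example.com/ | check_xfo
```

Run the live check against both the HTTP and HTTPS URLs, and against a path that returns an error page, since each can be served by a different configuration block.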

Additional Information

HTTP Header Field X-Frame-Options
