See more

How to protect a website from clickjacking in Plesk for Linux

Kuzma Ivanov

Updated April 05, 2023 03:59

kb: how-to Plesk for Linux ABT: Group B

Applicable to:

Plesk for Linux

Question

How to prevent clickjacking using the Apache/nginx directives on the Plesk server?

Answer

To prevent clickjacking, add the X-Frame-Options directive with the DENY value to Apache and nginx configuration of a domain:

Log in to Plesk.
Go to Domains > example.com > Apache & nginx Settings.
- For Apache, add this line to the Additional directives for HTTP and Additional directives for HTTPS fields:
  
  CONFIG_TEXT: Header set X-Frame-Options DENY
- For nginx, add this line to the Additional nginx directives field:
  
  CONFIG_TEXT: add_header X-Frame-Options DENY;
  
  Note: This configuration may break some Roundcube options.

Additional Information

RFC 7034 - HTTP Header Field X-Frame-Options

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request