0

I tried to enable X-FRAME only on my specific VH.

In httpd-default.conf

I set the line:

Header always append X-Frame-Options SAMEORIGIN

On my website, where I need to enable X-FRAME from a specific source:

Header always append X-Frame-Options "ALLOW-FROM https://sites.com"

My main idea is to block X-FRAME by default.

Using Apache 2.4.

Thanks

EMottet

1 Answer

0

I had a problem using Header always append... (sometimes it doesn't work), so I changed to:

Header set X-Frame-Options "ALLOW-FROM https://sites.com"

and it works!

Just remember that Chrome doesn't support ALLOW-FROM, so it will be ignored and it can always pass.

PS: It's recommended to avoid the use of X-Frame-Options and change to Content Security Policy using frame-src: 'src' https://sites.com 'etc';

Alexander
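
A per-virtual-host layout for the setup discussed above, as an added example that is not part of the original question or answer. It assumes mod_headers is loaded, uses a placeholder ServerName, and uses the CSP `frame-ancestors` directive, which is the one that controls which origins may embed a page (`frame-src` governs what the page itself may load into frames).

```apache
# Added example, not the poster's configuration.

# Global scope (the question's httpd-default.conf): deny cross-origin
# framing by default. "set" replaces any earlier value, while "append"
# merges values into one comma-separated header such as
# "SAMEORIGIN, ALLOW-FROM https://sites.com", which browsers do not accept.
Header always set X-Frame-Options "SAMEORIGIN"
Header always set Content-Security-Policy "frame-ancestors 'self'"
# Note: "set" also overwrites a Content-Security-Policy sent by the
# application. If the site already has a policy, add frame-ancestors to it
# instead of using this line.

# Virtual host that https://sites.com is allowed to embed.
# ServerName is a placeholder (assumption), TLS directives are omitted.
<VirtualHost *:443>
    ServerName embeddable.example.test

    # Use the same "always" condition as the global lines: mod_headers keeps
    # "always" and the default "onsuccess" headers in separate tables, so an
    # edit made in one table does not touch a header placed in the other.
    # X-Frame-Options is dropped here because SAMEORIGIN would still block
    # sites.com in browsers that do not understand frame-ancestors.
    Header always unset X-Frame-Options
    Header always set Content-Security-Policy "frame-ancestors 'self' https://sites.com"
</VirtualHost>

# Verify after reloading, expecting exactly one policy header per response:
#   apachectl configtest
#   curl -sI https://embeddable.example.test/ | grep -i -E 'x-frame-options|content-security-policy'
```

Browsers that support `frame-ancestors` enforce it in preference to X-Frame-Options when both are present, so the global pair stays consistent across old and new clients.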