Menu
I have hosted a website which is created using Wordpress.
I am getting a security alert saying "X-Frame-Options Header Not Set", but I can't figure out what that means.
Can anyone explain what this warning is about, and give me a solution on how to stop it from occuring?
533
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> , <iframe> , <embed> or <object> . Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.
Just drop the following code into your theme's functions. php file and you will have enabled HTTP Strict Transport Security (HSTS) to your WordPress site. * Enables the HTTP Strict Transport Security (HSTS) header in WordPress. add_action( 'send_headers' , 'tg_enable_strict_transport_security_hsts_header_wordpress' );
Here's an easier one-liner to set X-Frame-Options SAMEORIGIN that works, add the following to the functions.php file in your current Wordpress theme:
add_action( 'send_headers', 'send_frame_options_header', 10, 0 );
69
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
