The X-Frame-Options HTTP response header defends an application against clickjacking attacks. It can be used to indicate whether a browser is allowed to render a page in a
For example, to disallow displaying of a page in a frame:
The header can be set to one of three values:
DENY – disables the iframe features completely.
SAMEORIGIN – allows the page to be framed only by pages from the same origin.
ALLOW-FROM – allows iframes from specific URLs.
Add the following parameter to the nginx configuration file in the server section:
add_header X-Frame-Options "SAMEORIGIN";
For Apache (with mod_headers enabled), add the following line to the server configuration:
Header always set X-Frame-Options "SAMEORIGIN"
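To confirm that a deployed configuration sends a usable value, the check below audits a response's headers against the three values listed above. It is an added example, not code from the original page; the function name `audit_xfo`, the verdict names and the sample headers are assumptions constructed for illustration. It reports ALLOW-FROM as obsolete because current browsers do not enforce it.

```python
"""Audit a response's X-Frame-Options header (added example, constructed inputs)."""

ENFORCED = {"DENY", "SAMEORIGIN"}  # the two values current browsers act on


def audit_xfo(headers):
    """Return (verdict, detail) for a list of (name, value) response headers.

    Verdicts: "ok", "missing", "obsolete", "conflict", "invalid".
    """
    # Header names are case-insensitive; one header may carry a comma-separated
    # list, and a proxy plus the application may each emit the header.
    values = []
    for name, value in headers:
        if name.strip().lower() == "x-frame-options":
            values += [v.strip().upper() for v in value.split(",") if v.strip()]

    if not values:
        return "missing", "no X-Frame-Options header; the page can be framed"
    distinct = sorted(set(values))
    if len(distinct) > 1:
        return "conflict", "multiple different values: " + ", ".join(distinct)
    value = distinct[0]
    if value in ENFORCED:
        return "ok", value
    if value.startswith("ALLOW-FROM"):
        return "obsolete", "ALLOW-FROM is not enforced by current browsers"
    # e.g. literal quotes or a typo reaching the wire
    return "invalid", "unrecognised value: " + value


if __name__ == "__main__":
    # Constructed sample responses, not captured traffic.
    samples = {
        "nginx SAMEORIGIN": [("X-Frame-Options", "SAMEORIGIN")],
        "no header": [("Content-Type", "text/html")],
        "proxy and app disagree": [("X-Frame-Options", "SAMEORIGIN"),
                                   ("x-frame-options", "DENY")],
        "legacy allow-list": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
        "quotes sent literally": [("X-Frame-Options", '"SAMEORIGIN"')],
    }
    for label, hdrs in samples.items():
        print(f"{label}: {audit_xfo(hdrs)}")
```

Feed it the header pairs returned by any HTTP client for the pages that should not be framed, including error pages.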