X-Frame-Options
Checks for clickjacking protection header
| Rule ID | security/x-frame-options |
| Category | Security |
| Scope | Site-wide |
| Severity | warning |
| Weight | 5/10 |
Solution
The X-Frame-Options response header prevents your site from being embedded in iframes, protecting against clickjacking attacks. Set X-Frame-Options: DENY (no framing) or X-Frame-Options: SAMEORIGIN (same origin only). For modern browsers, CSP frame-ancestors is preferred: Content-Security-Policy: frame-ancestors 'self'. Use both for maximum compatibility.
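One way to audit a response for the two headers described above, as an added example that is not squirrel's own rule implementation. The function names, the pass/partial/fail labels and the sample headers are assumptions constructed for illustration.

```python
VALID_XFO = {"DENY", "SAMEORIGIN"}        # the two values recommended above
OPEN_SOURCES = {"*", "http:", "https:"}   # source expressions that let any site frame the page

def frame_ancestors(csp_value):
    """Return the frame-ancestors source list from one CSP header value, or None."""
    for directive in csp_value.split(";"):
        parts = directive.split()
        if parts and parts[0].lower() == "frame-ancestors":
            return [p.lower() for p in parts[1:]]
    return None

def check_framing(headers):
    """headers: list of (name, value) pairs. Returns (status, findings)."""
    def values(name):
        return [v for n, v in headers if n.lower() == name]

    findings = []
    xfo = {v.strip().upper() for v in values("x-frame-options")}
    xfo_ok = len(xfo) == 1 and xfo <= VALID_XFO
    if not xfo:
        findings.append("X-Frame-Options missing")
    elif not xfo_ok:  # e.g. the obsolete ALLOW-FROM, or conflicting values
        findings.append("X-Frame-Options is not a single DENY or SAMEORIGIN: %s" % sorted(xfo))

    # Only Content-Security-Policy is enforced; the Report-Only variant just reports.
    enforced = [fa for fa in map(frame_ancestors, values("content-security-policy")) if fa is not None]
    csp_ok = any(not (OPEN_SOURCES & set(fa)) for fa in enforced)
    if not enforced:
        findings.append("no enforced CSP frame-ancestors directive")
        if any(frame_ancestors(v) is not None for v in values("content-security-policy-report-only")):
            findings.append("frame-ancestors only in Report-Only policy (reported, not blocked)")
    elif not csp_ok:
        findings.append("frame-ancestors allows any origin")

    # "pass" requires both headers, matching the advice to use both for compatibility.
    status = "pass" if xfo_ok and csp_ok else "partial" if xfo_ok or csp_ok else "fail"
    return status, findings

# Constructed sample response headers (not taken from a real site).
SAMPLE = [
    ("X-Frame-Options", "ALLOW-FROM https://partner.example"),
    ("Content-Security-Policy-Report-Only", "frame-ancestors 'none'"),
]

if __name__ == "__main__":
    print(check_framing(SAMPLE))
```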
Enable / Disable
Disable this rule

squirrel.toml

```toml
[rules]
disable = ["security/x-frame-options"]
```

Disable all Security rules

squirrel.toml

```toml
[rules]
disable = ["security/*"]
```

Enable only this rule

squirrel.toml

```toml
[rules]
enable = ["security/x-frame-options"]
disable = ["*"]
```