Kumar

Reputation: 11

How can I prevent Clickjacking attack on my Prestashop website?

I added the

<meta http-equiv="X-Frame-Options" content="deny">

in the header.tpl file, but it is not working and throws an error:

X-Frame-Options may only be set via an HTTP header sent along with a document. It may not be set inside <meta>.

And I also added the

Header always append X-Frame-Options SAMEORIGIN

line in .htaccess file. But this is also not working.

Then how can I prevent Clickjacking on my Website?

For reference: Clickjacking Defense Cheat Sheet | OWASP and X-Frame-Options - HTTP

Upvotes: 0

Views: 769

Answers (1)

coderz.cz

Reputation: 69

I suggest you edit the .htaccess in your PrestaShop root installation folder and, just before the lines identified by "# ~~start~~ Do not remove...", add the following block:

# Extra Security Headers
<IfModule mod_headers.c>
   # Restricts where scripts, styles and other resources may be loaded from
   Header set Content-Security-Policy "default-src 'unsafe-inline' 'unsafe-eval' 'self' *.googleapis.com *.gstatic.com;"
   Header set X-XSS-Protection "1; mode=block"
   # "set" rather than "append": append would add a second SAMEORIGIN value if
   # PrestaShop or another rule already sends X-Frame-Options; "always" also
   # applies the header to error responses
   Header always set X-Frame-Options SAMEORIGIN
   Header set X-Content-Type-Options nosniff
   # No colon after the header name, and the value is quoted so the directive
   # receives it as one argument
   Header set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
</IfModule>

This will provide protection against clickjacking, content sniffing and XSS attacks.

Upvotes: 0
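As an added check (not code from the question or the answer above), the following Python parses the head of a raw HTTP response and reports whether the headers the .htaccess block is meant to produce actually arrived, including the duplicate-value problem that "Header append" causes when another rule already sends X-Frame-Options. Both sample responses are constructed; the frame-ancestors check follows the OWASP cheat sheet linked in the question, which recommends that CSP directive as the current clickjacking defense alongside X-Frame-Options.

```python
import re

# Constructed sample: response head after the corrected .htaccess block is in
# place, with a frame-ancestors directive added. Not captured from a real site.
GOOD_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Content-Security-Policy: default-src 'self' *.googleapis.com *.gstatic.com; "
    "frame-ancestors 'self';\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubDomains; preload\r\n"
    "\r\n"
    "<!doctype html>..."
)

# Constructed sample: what "Header always append X-Frame-Options SAMEORIGIN"
# yields when the application already sent that header, with CSP and HSTS absent.
APPEND_PITFALL_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "X-Frame-Options: SAMEORIGIN, SAMEORIGIN\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "\r\n"
)

ONE_YEAR = 31536000  # minimum max-age expected for HSTS preload lists


def parse_response(raw):
    """Parse a raw HTTP/1.1 response head into {lowercase-name: [value, ...]}.

    Repeated header lines are kept as separate entries; a comma-joined value
    (what 'Header append' produces) stays inside one entry and is split later.
    """
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        if not line.strip():
            continue
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def check_headers(headers):
    """Return a list of findings; an empty list means every check passed."""
    findings = []

    # X-Frame-Options: exactly one value, and it must be DENY or SAMEORIGIN.
    tokens = [t.strip().upper()
              for v in headers.get("x-frame-options", [])
              for t in v.split(",")]
    if not tokens:
        findings.append("X-Frame-Options missing")
    elif len(tokens) > 1:
        findings.append("X-Frame-Options has multiple values %r; "
                        "use 'Header always set' instead of 'append'" % tokens)
    elif tokens[0] not in ("DENY", "SAMEORIGIN"):
        findings.append("X-Frame-Options value %r is not DENY or SAMEORIGIN" % tokens[0])

    # CSP frame-ancestors is the current standard for framing control.
    csp = " ".join(headers.get("content-security-policy", []))
    if "frame-ancestors" not in csp:
        findings.append("Content-Security-Policy has no frame-ancestors directive")

    # HSTS must exist and carry a max-age of at least one year.
    hsts = headers.get("strict-transport-security", [])
    if not hsts:
        findings.append("Strict-Transport-Security missing")
    else:
        match = re.search(r"max-age=(\d+)", hsts[0])
        if not match:
            findings.append("Strict-Transport-Security has no max-age")
        elif int(match.group(1)) < ONE_YEAR:
            findings.append("Strict-Transport-Security max-age is under one year")

    # nosniff stops browsers from guessing content types.
    if "nosniff" not in [v.lower() for v in headers.get("x-content-type-options", [])]:
        findings.append("X-Content-Type-Options: nosniff missing")

    return findings


if __name__ == "__main__":
    for label, raw in (("good", GOOD_RESPONSE), ("append pitfall", APPEND_PITFALL_RESPONSE)):
        print(label, check_headers(parse_response(raw)) or "OK")
```

To check a live site, feed the function the head returned by a client that shows raw headers (for example the output of curl -sI), remembering that only the HTTP header counts: a <meta> tag in header.tpl is ignored, exactly as the browser error in the question says.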
