Prevent clickjacking on Drupal and other Apache web applications
Security is an important aspect to keep an eye for, and this time it’s about preventing clickjacking on Drupal and other Apache web applications.
Edit apache’s configuration file, which may be your declared vhost or such, usually at a location like
/etc/httpd/conf.d/default.conf and make sure the following
Header always append X-Frame-Options SAMEORIGIN
This will disable embedding your website as an iFrame.