Test if your website is defended against Clickjacking attacks

Check if X-Frame-Options is present in your site's HTTP response headers


What is X-Frame-Options?

X-Frame-Options is a security header that prevents a well-known vulnerability called Clickjacking. It instructs the browser not to open a web page in a frame or iframe, depending on the configured value.

You can inject the HTTP response header by configuring a web server or a network device. The following guide should help you configure it in Apache HTTP, Nginx, F5, and WordPress.

The X-Frame-Options header is supported by modern browsers. Once it is implemented, you can use this tool to verify it.
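
A header check of this kind can also be scripted. The following is an added example, not the tool's own code: it classifies the X-Frame-Options value found in a set of response headers, including the cases a plain "is it present" test misses (an obsolete ALLOW-FROM value, a misspelled value, or two different values sent at once). The function names and the sample headers are constructed for illustration.

```python
import sys
import urllib.request

VALID = {"DENY", "SAMEORIGIN"}

def assess_xfo(headers):
    """Classify X-Frame-Options from a list of (name, value) header pairs.

    Returns (verdict, detail); verdict is one of
    'ok', 'missing', 'obsolete', 'invalid', 'conflicting'.
    """
    # Header names are case-insensitive; a value may also be comma-joined
    # when a proxy and the application both add the header.
    values = []
    for name, value in headers:
        if name.strip().lower() == "x-frame-options":
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    if not values:
        return "missing", "no X-Frame-Options header in the response"
    if len(set(values)) > 1:
        return "conflicting", "multiple different values: " + ", ".join(values)
    value = values[0]
    if value in VALID:
        return "ok", value
    if value.startswith("ALLOW-FROM"):
        return "obsolete", "ALLOW-FROM is not honoured by current browsers"
    return "invalid", "unrecognised value: " + value

def fetch_headers(url, timeout=10):
    """Return the response headers of a GET to url as (name, value) pairs."""
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.headers.items()

# Constructed sample responses (not captured from any real site).
SAMPLES = {
    "good": [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")],
    "none": [("Content-Type", "text/html")],
    "old": [("x-frame-options", "ALLOW-FROM https://partner.example")],
    "dup": [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
    "typo": [("X-Frame-Options", "SAME-ORIGIN")],
}

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(assess_xfo(fetch_headers(sys.argv[1])))
    else:
        for label, hdrs in SAMPLES.items():
            print(label, assess_xfo(hdrs))
```

Run it with your own site's URL as the only argument to check a live response, or with no argument to see the verdicts for the constructed samples.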