changed nginx X-Frame-Option to SAMEORIGIN

assets/vhosts/drupal-ssl.nginxconf

@@ -136,5 +136,5 @@ server {
   }
 
   # website should not be displayed inside a <frame>, an <iframe> or an <object>
-  add_header X-Frame-Options DENY;
+  add_header X-Frame-Options SAMEORIGIN;;
 }

assets/vhosts/drupal.nginxconf

@@ -110,4 +110,8 @@ server {
       expires max;
       log_not_found off;
     }
+
+    # website should not be displayed inside a <frame>, an <iframe> or an <object>
+    add_header X-Frame-Options SAMEORIGIN;;
+
 }

assets/vhosts/simple-phpfpm-ssl.nginxconf

@@ -59,4 +59,8 @@ server {
   location ~ /\.ht {
     deny all;
   }
+
+  # website should not be displayed inside a <frame>, an <iframe> or an <object>
+  add_header X-Frame-Options SAMEORIGIN;;
+
 }

assets/vhosts/simple-phpfpm.nginxconf

@@ -35,4 +35,8 @@ server {
   location ~ /\.ht {
     deny all;
   }
+
+  # website should not be displayed inside a <frame>, an <iframe> or an <object>
+  add_header X-Frame-Options SAMEORIGIN;;
+
 }