@@ -136,5 +136,5 @@ server {
}
# website should not be displayed inside a <frame>, an <iframe> or an <object>
- add_header X-Frame-Options DENY;
+ add_header X-Frame-Options SAMEORIGIN;
@@ -110,4 +110,8 @@ server {
expires max;
log_not_found off;
+
+ # website should not be displayed inside a <frame>, an <iframe> or an <object>
@@ -59,4 +59,7 @@ server {
location ~ /\.ht {
deny all;
@@ -35,4 +35,7 @@ server {