Add X-Frame-Options in Drupal 8 with the Security Kit Module Updated on September 14, 2023 by InMotion Hosting Contributor 0 Minutes, 51 Seconds to Read The X-Frame-Options HTTP header specifies whether your Drupal website can be displayed within other websites with the <frame>, <iframe>, <object>, or <embed> HTML tags. This improves Drupal security against clickjacking and related cyber attacks. Below we’ll cover how to install the Security Kit module and enable X-Frames-Options. Mozilla recommends using the superseding Content Security Policy frame-ancestors attribute instead. Install Security Kit Login to Drupal. Install the Drupal module using the Security Kit download link. Click Install at the bottom. Click Configuration at the top. X-Frames-Options Under System, Click Security Kit settings. Under Clickjacking, click X-Frame-Options Header for options. Select an X-Frames-Options HTTP header:SAMEORIGIN – your website can be framed in the same webpage (default option)DisabledDENY – website cannot be displayed in a frameALLOW-FROM – website can only be framed within URIs specified below; may not work in newer browsers. At the bottom, click Save configuration. Enable X-Frames-Options if you’re not using Content Security Policy yet Get high performance and security with our Managed Drupal Hosting. Share this Article InMotion Hosting Contributor Content Writer InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals! More Articles by InMotion Hosting Related Articles Finding 404 page not found errors in Drupal 7 Removing the site title in Drupal 8 Content Types in Drupal 8 Disabling user images for posts and comments in Drupal 8 How to add an image in Drupal 7 How to upload your custom logo in your Drupal 7 theme Setting custom logos in your Drupal 8 theme Fixing the “An unrecoverable error occurred” error in Drupal How to Make a Duplicate Drupal Site How to Install a New Theme in Drupal
