X-Frame-Options

Checks for clickjacking protection header


Rule ID	`security/x-frame-options`
Category	Security
Scope	Per-page
Severity	warning
Weight	5/10

Solution

X-Frame-Options prevents your site from being embedded in iframes, protecting against clickjacking attacks. Set: X-Frame-Options: DENY (no framing) or SAMEORIGIN (same origin only). For modern browsers, CSP frame-ancestors is preferred: Content-Security-Policy: frame-ancestors ‘self’. Use both for maximum compatibility.

Enable / Disable

Disable this rule

squirrel.toml

[rules]
disable = ["security/x-frame-options"]

Disable all Security rules

squirrel.toml

[rules]
disable = ["security/*"]

Enable only this rule

squirrel.toml

[rules]
enable = ["security/x-frame-options"]
disable = ["*"]

Getting Started

CLI

Concepts

CLI Reference

Rules Reference

Solution

Enable / Disable

Disable this rule

Disable all Security rules

Enable only this rule

Getting Started

CLI

Concepts

CLI Reference

Rules Reference

​Solution

​Enable / Disable

​Disable this rule

​Disable all Security rules

​Enable only this rule

Solution

Enable / Disable

Disable this rule

Disable all Security rules

Enable only this rule