summaryrefslogtreecommitdiff
path: root/puppet/modules/site_apache/files/conf.d
diff options
context:
space:
mode:
Diffstat (limited to 'puppet/modules/site_apache/files/conf.d')
-rw-r--r--puppet/modules/site_apache/files/conf.d/security5
1 files changed, 5 insertions, 0 deletions
diff --git a/puppet/modules/site_apache/files/conf.d/security b/puppet/modules/site_apache/files/conf.d/security
index 11159f48..a5ae5bdc 100644
--- a/puppet/modules/site_apache/files/conf.d/security
+++ b/puppet/modules/site_apache/files/conf.d/security
@@ -48,3 +48,8 @@ ServerSignature Off
#TraceEnable Off
TraceEnable On
+# Setting this header will prevent other sites from embedding pages from this
+# site as frames. This defends against clickjacking attacks.
+# Requires mod_headers to be enabled.
+#
+Header set X-Frame-Options: "DENY"