Question
Someone has any idea how prevent "X-Frame-Options header is not set" vulnerability in PHP?
Solution
This isn't so much a PHP vulnerability as it is a "not added" feature to your web server.
You can of course throw in header("X-Frame-Options=SAMEORIGIN"); into every page...but that's not feasible simply read below and add the required data to your HTTPd config file.
https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options
OTHER TIPS
Not sure why you would class it as a vulnerability, but you can control who is allowed to frame your site:
You would be safest to use:
https://stackoverflow.com/questions/23615263
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
RussianHeader always append X-Frame-Options SAMEORIGIN
In your htaccess (assuming you are using apache) as it allows you to iframe your content from the same site (you shouldn't need to use frames at all, but in my experience, when dealing with third party code you sometimes find iframes).
