Details
The X-Frame-Options header should be set so that either no site at all (DENY) or only pages from your own origin (SAMEORIGIN) can embed your website in a frame, depending on your organizational policy and application needs. If specific third-party sites must be allowed to frame the application, note that X-Frame-Options has no working allow-list (the ALLOW-FROM value is not supported by current browsers); use the Content-Security-Policy frame-ancestors directive for that case.
Rationale:
The X-Frame-Options header allows you to mitigate the risk of clickjacking attacks, in which an attacker loads your page inside a frame on a site they control and tricks the user into clicking on controls they cannot see.
Solution
Add the directive below to the server blocks in your nginx configuration (or to the http block to cover every server). The value should be set to DENY or SAMEORIGIN to meet your organization's needs. Two nginx behaviours matter here: add_header only applies to 2xx and 3xx responses unless the always parameter is appended, so error pages would otherwise go out unprotected; and any add_header in a nested location block replaces all add_header directives inherited from the enclosing block, so the header must be repeated in such locations.
add_header X-Frame-Options 'SAMEORIGIN';
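The following server block is an added example, not configuration from the original control; the hostnames, the /static/ location and the Cache-Control header are placeholders chosen to show the two nginx pitfalls: the header being dropped on error responses without always, and being lost in a location block that sets its own add_header.

```nginx
# Added example; app.example, portal.example and /static/ are assumptions.
server {
    listen 443 ssl;
    server_name app.example;

    # 'always' sends the header on every status code, including 4xx/5xx
    # error pages, which are just as frameable as a 200.
    add_header X-Frame-Options "SAMEORIGIN" always;

    # If particular partner origins must be allowed to frame the site,
    # X-Frame-Options cannot express that; CSP frame-ancestors can.
    # add_header Content-Security-Policy "frame-ancestors 'self' https://portal.example" always;

    location /static/ {
        # Any add_header here replaces ALL inherited add_header directives,
        # so without the second line this location would silently lose
        # X-Frame-Options.
        add_header Cache-Control "public, max-age=3600";
        add_header X-Frame-Options "SAMEORIGIN" always;
    }
}
```

After reloading, verify on both a normal page and an error page (for example a 404) that the header is present; a check that only looks at the front page will not catch either pitfall.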
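To confirm the directive actually reaches clients, the following script is an added example (not part of the original control) that validates an X-Frame-Options header from raw response headers, such as the output of curl -sI. It accepts only a single DENY or SAMEORIGIN header and rejects a missing header, the unsupported ALLOW-FROM form, and conflicting duplicates. The sample responses are constructed for the demonstration; app.example is a placeholder.

```shell
#!/bin/sh
# Added example: offline check of an X-Frame-Options header. Not part of the
# original control; the sample responses below are constructed for the demo.

# check_xfo reads raw HTTP response headers on stdin (as from 'curl -sI') and
# returns 0 only when exactly one X-Frame-Options header is present with the
# value DENY or SAMEORIGIN. It prints a one-line verdict.
check_xfo() {
    tr -d '\r' | awk '
        /^$/ { exit }                                   # end of the header block
        tolower($0) ~ /^x-frame-options[ \t]*:/ {
            v = $0
            sub(/^[^:]*:[ \t]*/, "", v)                 # drop the header name
            sub(/[ \t]*$/, "", v)                       # drop trailing whitespace
            vals[++n] = toupper(v)                      # the value is case-insensitive
        }
        END {
            if (n == 0) { print "MISSING: no X-Frame-Options header"; exit 1 }
            if (n > 1) {
                print "FAIL: " n " X-Frame-Options headers; duplicates with different values are unreliable across browsers"
                exit 1
            }
            if (vals[1] == "DENY" || vals[1] == "SAMEORIGIN") {
                print "OK: X-Frame-Options " vals[1]; exit 0
            }
            if (vals[1] ~ /^ALLOW-FROM/) {
                print "FAIL: ALLOW-FROM is not supported by current browsers; use CSP frame-ancestors"
                exit 1
            }
            print "FAIL: unrecognised value \"" vals[1] "\""; exit 1
        }'
}

# Constructed sample responses (CRLF line endings, as on the wire).
sample_ok()        { printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nx-frame-options: sameorigin\r\n\r\n'; }
sample_missing()   { printf 'HTTP/1.1 404 Not Found\r\nServer: nginx\r\nContent-Type: text/html\r\n\r\n'; }
sample_allowfrom() { printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: ALLOW-FROM https://partner.example\r\n\r\n'; }
sample_dup()       { printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n'; }

# Run all four samples when executed directly. Against a live server the
# same check is:  curl -sI https://app.example/ | check_xfo
for s in sample_ok sample_missing sample_allowfrom sample_dup; do
    printf '%-16s ' "$s"; "$s" | check_xfo || true
done
```

The sample_missing case is the one a hardening review most often overlooks: an nginx add_header without always produces exactly that 404 response, so run the check against an error URL as well as a normal page.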
Supportive Information
The following resource is also helpful.
This security hardening control applies to the following category of controls within NIST 800-53: Configuration Management. This control applies to the following type of system: Unix.