Search code examples
cross-domainx-frame-options

get error when set X-FRAME-OPTIONS in Apache HTTP Server 2.2

Got below issue when I trying to add below code into httpd.conf file tail:

#iframe config
Header always append X-Frame-Options ALLOW-FROM http://xxxx

Syntax error on line 489 of C:/Program Files (x86)/Apache Software Foundation/Ap ache2.2/conf/httpd.conf: Invalid command 'Header', perhaps misspelled or defined by a module not included in the server configuration

Solution

    1. Add/uncomment below loading command

       LoadModule headers_module modules/mod_headers.so

    2. Change the line to below

       #Header set X-Frame-Options "ALLOW-FROM http://xxxxxx"
 #Header set X-Frame-Options "DENY"
 Header set X-Frame-Options "SAMEORIGIN"