
X-Frame-Options Header Not Set: How do I set it?


I am using an Apache server for a Wamp application. While doing security testing, I got these error reports, which say:

  1. X-Frame-Options Header Not Set. For this I know that there are 3 types of X-Frame Options. But where do I implement the SAMEORIGIN option and how?

  2. X-Content-Type-Options Header Missing.

What do I need to do to solve these? Thank you.


Solution

  • Set the following headers:

    X-Frame-Options: SAMEORIGIN
    X-Content-Type-Options: nosniff
    

    Since you are using Apache, add the following to the Apache config:

    Header always set X-Frame-Options "SAMEORIGIN"
    Header always set X-Content-Type-Options nosniff
    

    The above won't do anything for a local test server. But you should always set them on public production servers.

    Remember: Even though it doesn't do anything for local servers, you could develop your website with this environment, so that it doesn't suffer when you release it on production.
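
One way to confirm that the two headers from the answer above are actually being sent, as an added example that is not part of the original answer. The helper names `header_value` and `check_security_headers` and the sample responses are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original answer): check response headers, as
# printed by `curl -sI <url>`, for the two headers discussed on this page.
# header_value and check_security_headers are hypothetical helper names.

# Print the value of header $1 found in header text $2. Name match is
# case-insensitive; CRs and surrounding blanks are stripped. Empty if absent.
header_value() {
    printf '%s\n' "$2" | tr -d '\r' | awk -v name="$1" '
        BEGIN { name = tolower(name) }
        {
            i = index($0, ":")
            if (i > 0 && tolower(substr($0, 1, i - 1)) == name) {
                v = substr($0, i + 1)
                gsub(/^[ \t]+|[ \t]+$/, "", v)
                print v
                exit
            }
        }'
}

# Return 0 only when both headers are present with an expected value.
check_security_headers() {
    _rc=0
    _xfo=$(header_value X-Frame-Options "$1" | tr '[:lower:]' '[:upper:]')
    _xcto=$(header_value X-Content-Type-Options "$1" | tr '[:upper:]' '[:lower:]')
    case "$_xfo" in
        SAMEORIGIN|DENY) ;;   # DENY is the stricter standard value
        "") echo "MISSING: X-Frame-Options"; _rc=1 ;;
        *)  echo "UNEXPECTED: X-Frame-Options: $_xfo"; _rc=1 ;;
    esac
    case "$_xcto" in
        nosniff) ;;
        "") echo "MISSING: X-Content-Type-Options"; _rc=1 ;;
        *)  echo "UNEXPECTED: X-Content-Type-Options: $_xcto"; _rc=1 ;;
    esac
    return "$_rc"
}

# Constructed sample responses (not captured from a real server).
GOOD=$(printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\nX-Frame-Options: SAMEORIGIN\r\nx-content-type-options: nosniff\r\n')
BAD=$(printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n')

check_security_headers "$GOOD" && echo "good sample: both headers set"
check_security_headers "$BAD" || echo "bad sample: fix the Apache config"
```

Against a running server, pass it live headers with `check_security_headers "$(curl -sI http://localhost/)"` (the URL is an assumption). If the headers are still missing after the config change, confirm that mod_headers is loaded, since the `Header` directive depends on it.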