Add X-Frame-Options in Drupal 8 with the Security Kit Module

by InMotion Hosting Contributor

0 Minutes, 51 Seconds to Read

The X-Frame-Options HTTP header specifies whether your Drupal website can be displayed within other websites with the <frame>, <iframe>, <object>, or <embed> HTML tags. This improves Drupal security against clickjacking and related cyber attacks.

Below we’ll cover how to install the Security Kit module and enable X-Frames-Options.

Mozilla recommends using the superseding Content Security Policy frame-ancestors attribute instead.

Install Security Kit

  1. Login to Drupal.
  2. Install the Drupal module using the Security Kit download link.
  3. Click Install at the bottom.
  4. Click Configuration at the top.

X-Frames-Options

  1. Under System, Click Security Kit settings.
  2. Under Clickjacking, click X-Frame-Options Header for options.
  3. Select an X-Frames-Options HTTP header:
    SAMEORIGIN – your website can be framed in the same webpage (default option)
    Disabled
    DENY – website cannot be displayed in a frame
    ALLOW-FROM – website can only be framed within URIs specified below; may not work in newer browsers.
  4. At the bottom, click Save configuration.
Configure an X-Frame-Options response header
Enable X-Frames-Options if you’re not using Content Security Policy yet

Get high performance and security with our Managed Drupal Hosting.

InMotion Hosting Contributor
InMotion Hosting Contributor Content Writer

InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals!

More Articles by InMotion Hosting
Related Articles
How to Make a Duplicate Drupal Site
How to upload your custom logo in your Drupal 7 theme
How to Install Drush
Changing your Drupal 7 frontpage
Creating a comment section for your blog posts.
How to Log Into the Drupal Administrator Dashboard
How to Enable and Configure the Forum Module in Drupal
How to create a custom footer block in Drupal
How to enable images for Basic Pages in Drupal 7
Disabling Comment Titles for Users in Drupal

Was this article helpful? Join the conversation!

Need More Help?

Current Customers

Chat: Chat with Sales
Call: 757-416-6575 x2
Ticket: Submit a Support Ticket

Get Reliable Web Hosting

Chat: Chat with Sales
Email: [email protected]
Call: 757-416-6575 x1

Get web hosting that grows with your business. Our all-in-one hosting platform gives you everything your website needs to scale - so you can focus on the next big thing for you and your business.