← Back to ClickJack Test

Docs

Step-by-step guides for adding clickjacking protection on your stack.

NGINX

The always parameter, inheritance trap, proxy mode, and curl verification. Covers add_header at http, server, and location levels.

Read the guide →

Apache

mod_headers Header directive, .htaccess vs virtual host, the always keyword, and the duplicate-header table gotcha when proxying to backends.

Read the guide →

Cloudflare

Three methods: Managed Transforms (one-click), Response Header Transform Rules (dashboard + API), and Pages _headers file for static sites.

Read the guide →