GirlsCodeLincoln / Website

The Girls Code Lincoln website
https://girlscodelincoln.org

Stop Click Jacking #94

Closed benweese closed 4 years ago

benweese commented 4 years ago

https://www.netlify.com/docs/headers-and-basic-auth/

Create a '_header' file in the same place as index.html

Add the below to the file (Netlify rule paths begin with `/`):

```
/index.html
  # Headers for that path:
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block
```

With this the UI test will need to be updated. An HTML file will need to be generated containing the below:

```html
<html>
<head>
<title>Clickjack test page</title>
</head>
<body>
<p>Website is vulnerable to clickjacking!</p>
<iframe src="https://girlscodelincoln.com/" width="500" height="500"></iframe>
</body>
</html>
```

Then the iframe will need to be hit to ensure that it can't test the site, as the site should not show in an iframe. Then the HTML file will need to be deleted. (We could keep the file and make it easier, but that might be odd.)
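One way to check the header rule described above before deploying, as an added example that is not part of the issue or the project's code: it parses a Netlify `_headers` file (a sample is constructed inline) and reports paths that lack a framing restriction, accepting either `X-Frame-Options: DENY`/`SAMEORIGIN` or a CSP `frame-ancestors` directive. Function names are my own.

```python
"""Verify that a Netlify _headers file blocks framing (anti-clickjacking)."""
import re

# Constructed sample matching the rule proposed in this issue.
SAMPLE_HEADERS_FILE = """\
/index.html
  # Headers for that path:
  X-Frame-Options: DENY
  X-XSS-Protection: 1; mode=block
"""


def parse_netlify_headers(text):
    """Parse _headers text into {path: {header-name-lowercase: value}}.

    Path lines start in column 0 and begin with '/'; header lines are
    indented 'Name: value'; lines starting with '#' are comments.
    """
    rules, current = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip().startswith("#"):
            continue
        if not line[0].isspace():  # a new path rule
            if not line.startswith("/"):
                raise ValueError(f"rule path must start with '/': {line!r}")
            current = line.strip()
            rules.setdefault(current, {})
        else:  # a header belonging to the current path
            if current is None:
                raise ValueError(f"header before any path: {line!r}")
            name, sep, value = line.strip().partition(":")
            if not sep:
                raise ValueError(f"malformed header line: {line!r}")
            rules[current][name.strip().lower()] = value.strip()
    return rules


def frame_protection(headers):
    """True if these response headers stop other origins from framing the page."""
    if headers.get("x-frame-options", "").strip().upper() in ("DENY", "SAMEORIGIN"):
        return True
    match = re.search(r"frame-ancestors\s+([^;]+)", headers.get("content-security-policy", ""), re.I)
    # 'none' or an explicit allow-list counts; a wildcard does not.
    return bool(match) and "*" not in match.group(1).split()


def paths_missing_protection(text, required=("/index.html",)):
    """Return the required paths whose _headers rule does not block framing."""
    rules = parse_netlify_headers(text)
    return [path for path in required if not frame_protection(rules.get(path, {}))]
```

The same `frame_protection` check can be run on the response headers of the deployed page instead of the iframe test page.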

benweese commented 4 years ago

Closed in last pull request.