diff --git a/src/data/best-practices/api-security/content/x-frame-options-deny.md b/src/data/best-practices/api-security/content/x-frame-options-deny.md index bf6e7450b..70217a521 100644 --- a/src/data/best-practices/api-security/content/x-frame-options-deny.md +++ b/src/data/best-practices/api-security/content/x-frame-options-deny.md @@ -3,3 +3,5 @@ > Send `X-Frame-Options: deny` header. The `X-Frame-Options` header prevents the page from being displayed in an iframe, which is commonly used in clickjacking attacks. By setting the value of this header to `deny`, you are telling the browser not to display the page in any iframe. This helps prevent the page from being embedded within an attacker's website and reduces the risk of clickjacking attacks. + +- [@video@Tutorial - X-Frame-Options HTTP Header and Click-Jacking](https://www.youtube.com/watch?v=Els0GRj0CQM) \ No newline at end of file
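Review bot: The added resource line at the end of the hunk is now the last line of the file and carries the `\ No newline at end of file` marker; terminate the file with a newline so that a later append does not show this line as modified. The link also sits directly under the explanatory paragraph with no lead-in, so a short line introducing it as further reading would separate it from the body text. Because the only resource is a video, consider pairing it with a written reference so readers can check the `deny` behaviour described in the paragraph without watching it.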