- I’ve run sudo a2enmod in my workspace to enable mod_headers
- In /etc/apache2/conf.enabled, there is a symlink to security.conf.
- security.conf contains the line 'append X-FRAME-OPTIONS “SAMEORIGIN” ’ This line was originally commented out, but I’ve removed the ‘#’.
- I’ve restarted Apache after the changes above
These changes should lead to the server providing a header line “X-Frame-Options: SAMEORIGIN”, but no such header line appears.
I’m not aware of any other changes required to enable this, and I need this for functionality in a CMS I’m using to develop a test site.
This therefore appears to be a bug.