PSR-7 Middleware that provides clickjacking protection via the X-Frame-Options header.
Middleware that sets the X-Frame-Options HTTP header in HTTP responses. Does not set the header if it's already set. By default, sets the X-Frame-Options header to 'SAMEORIGIN', meaning the response can only be loaded on a frame within the same site.
Note: older browsers will quietly ignore this header, thus other clickjacking protection techniques should be used if protection in those browsers is required.
composer require mikica/clickjacking-middleware
In Slim 3:
//new Clickjacking\Middleware\XFrameOptions("DENY")
$app->add(new Clickjacking\Middleware\XFrameOptions());
$app->get('/', function ($request, $response, $args) {
return $response;