DJG201

Django middleware is missing XFrameOptionsMiddleware, which blocks clickjacking.

Fixes

Add 'django.middleware.clickjacking.XFrameOptionsMiddleware' to MIDDLEWARE in Django settings

See Also

Django clickjacking protection documentation