
[Passmarked] jmd suggested an edit #6

@passmarkedbot

Description


An edit was suggested from the library page - https://passmarked.com/library/security/http/frameoptions.missing.

The documentation of the rule should be in docs/frameoptions.missing.md

The suggested content is:

Clickjacking attacks happen when your site is loaded inside an iframe on an attacker's page and the attacker captures your users' input by layering their own content over it.
This HTTP header configures whether your site may be loaded in an iframe or not.

The recommended value:

```http
X-Frame-Options: SAMEORIGIN
```

or

```http
X-Frame-Options: DENY
```

or

```http
X-Frame-Options: ALLOW-FROM http://passmarked.com
```

`SAMEORIGIN` allows only pages from your own origin to frame the site, while `DENY` forbids framing altogether.
You may allow a specific site to frame you by using `ALLOW-FROM`.
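As an added example (not part of the suggested documentation or of Passmarked's own rule code), the following Node.js check classifies a response's `X-Frame-Options` header the way a scanner for this rule would: missing, valid, or invalid. It assumes the headers come as a plain object such as `http.IncomingMessage.headers`, where names are lower-cased and duplicate values are joined with commas; the sample headers at the bottom are constructed.

```javascript
// Directives every browser that implements X-Frame-Options understands.
const VALID_DIRECTIVES = new Set(['DENY', 'SAMEORIGIN']);

// headers: plain object of response headers (assumed shape: Node's
// IncomingMessage.headers). Returns { status, value, reason }.
function checkFrameOptions(headers) {
  // Header names are case-insensitive; duplicates may arrive joined by commas
  // or as an array, so normalise everything into one list of values.
  const values = Object.entries(headers || {})
    .filter(([name]) => name.toLowerCase() === 'x-frame-options')
    .flatMap(([, v]) => (Array.isArray(v) ? v : String(v).split(',')))
    .map((v) => v.trim())
    .filter((v) => v.length > 0);

  if (values.length === 0) {
    return { status: 'missing', value: null, reason: 'no X-Frame-Options header' };
  }
  if (values.length > 1) {
    // Browsers ignore the header when it carries conflicting directives,
    // which leaves the page frameable; treat it as a finding.
    return { status: 'invalid', value: values, reason: 'multiple values' };
  }

  const value = values[0];
  const upper = value.toUpperCase();
  if (VALID_DIRECTIVES.has(upper)) {
    return { status: 'ok', value: upper, reason: null };
  }

  const allowFrom = /^ALLOW-FROM\s+(\S+)$/i.exec(value);
  if (allowFrom) {
    try {
      const origin = new URL(allowFrom[1]).origin;
      // ALLOW-FROM takes one origin and is not honoured by every browser.
      return { status: 'warn', value: `ALLOW-FROM ${origin}`, reason: 'ALLOW-FROM is not supported by all browsers' };
    } catch (e) {
      return { status: 'invalid', value, reason: 'ALLOW-FROM needs an absolute URL' };
    }
  }
  return { status: 'invalid', value, reason: 'unrecognised directive' };
}

// Constructed sample responses, as a stand-alone demonstration.
const samples = [{}, { 'x-frame-options': 'sameorigin' }, { 'x-frame-options': 'DENY, SAMEORIGIN' }];
for (const h of samples) console.log(JSON.stringify(h), '->', checkFrameOptions(h));
```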

# How do I fix this?

Although you can set HTTP headers in your application code, it is often simpler to have the web server add the header.

```nginx
# nginx: place inside the relevant server or location block.
# Note that add_header only applies to 2xx/3xx responses unless "always" is given,
# and a nested block with its own add_header directives does not inherit this one.
add_header X-Frame-Options SAMEORIGIN;
```

```apache
# Apache (mod_headers): header name without a trailing colon, value quoted.
Header set X-Frame-Options "SAMEORIGIN"
```


# Resources

* https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet
* https://developer.mozilla.org/en-US/docs/Web/HTTP/X-Frame-Options

User agent of user: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.181 Safari/537.36
