X-Frame-Options头未设置怎么解决?在页面头部加入:
<meta http-equiv="X-XSS-Protection" content="1; mode=block" />
然后在nginx.conf增加:
add_header X-XSS-Protection 1; add_header X-Frame-Options "SAMEORIGIN"; add_header X-XSS-Protection "1; mode=block"; add_header X-Content-Type-Options "nosniff";