X-Frame-Options

that was easy. after watching this talk on 28c3 i enabled the X-Frame-Options for apache and varnish. apache:

Header set X-Frame-Options deny 

varnish:

sub vcl_deliver {
  set resp.http.X-Frame-Options = "deny";
}
This content is licensed under a Creative Commons Attribution 3.0 License.