From 12ed3fba3dec2d1efcc31f7b86ac3e7de833dee3 Mon Sep 17 00:00:00 2001
From: David Goodwin
Date: Wed, 4 Aug 2021 20:38:06 +0100
Subject: [PATCH] avoid a clickjacking attack reported on huntr.dev by @ranjit-git
---
 common.php | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/common.php b/common.php
index b82228aa..2e79ceec 100644
--- a/common.php
+++ b/common.php
@@ -27,6 +27,9 @@ if (empty($_SESSION['flash'])) {
 $_SESSION['flash'] = array();
 }
+
+ // avoid clickjacking attacks?
+ header('X-Frame-Options: DENY');
 }
 }
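Review bot: The added `header('X-Frame-Options: DENY');` relies on the legacy header alone, while browsers that implement CSP `frame-ancestors` treat that directive as the authoritative framing control, so I would send both by adding `header("Content-Security-Policy: frame-ancestors 'none'");` beside it. If a Content-Security-Policy is already emitted elsewhere in the application, fold the directive into that policy instead. The call sits inside two enclosing blocks that both close after it and whose conditions start outside this hunk, so it is worth confirming that every browser-facing entry point reaches this path and that nothing is output before it; otherwise PHP drops the header with only a "headers already sent" warning. The question mark in the new comment reads as doubt, and something like `// Forbid framing of every page (clickjacking defence).` would state the intent plainly.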