How can I add anti-clickjacking X-Frame-Options header to my installation of Discourse?

I found security problem with my installation of Discourse.
How can I add http header X-Frame-Option DENY to my app.yml file?

The hosting is DigitalOcean.

I’m scanned forums by Nikto2 and Vega - Penetration Testing Toolkit.

2 Likes

Thank you for link with method to solve problem.

1 Like

Problem is still with /assets/ directory.