WebMail Pro PHP documentation

Preventing clickjacking attacks with X-Frame-Options header

Starting from version 7.4.1 of WebMail Pro, you can disallow embedding the product interface into IFrame, which can be helpful toward preventing clickjacking attacks. This is done by forcing specific value of X-Frame-Options HTTP header, you can read more on this at this Wikipedia page.

If you wish to disallow embedding WebMail Pro interface into IFrame, add the following item into array defined in data/settings/config.php file:

'labs.x-frame-options' => 'SAMEORIGIN',

Note that even with this setting applied, you will still be able to use the embedding yourself, as long as WebMail Pro and the page containing IFrame are within the same domain.