Admin security: admin able to be served in an iframe on separate domains

Description

i.e. set X-FRAME-OPTIONS http header to "SAMEORIGIN"

Environment

None
Fixed
Your pinned fields
Click on the next to a field label to start pinning.

Assignee

Unassigned

Reporter

Dominic Watson

Accepted

Yes