I ran one of these website inspection services on my website and it was deemed
to be subject to Clickjacking. This might be a false positive since I don't use
frames, but the info on this link was enough to make the error go away. I chose
"DENY" since I don't use frames.
The inspection was from tinfoilsecurity.com. If you are blocking AWS (and you
should be from Web ports ), you will have to make an exception for their IP.
nginx mailing list