# DJG201 Django middleware is missing `XFrameOptionsMiddleware`, which blocks clickjacking. ## Fixes Add `'django.middleware.clickjacking.XFrameOptionsMiddleware'` to `MIDDLEWARE` in Django settings ## See Also * [Django clickjacking protection documentation](https://docs.djangoproject.com/en/3.0/ref/clickjacking/#clickjacking-prevention)