ASM-custom-response-page Enable X-Frame-Option

Question

ASM Experts,  Is there any potential impact when we enable X-Frame-option deny/Sameorgin on ASM Custom Violation response page?  Please advice .Thanks&nbsp;

kash_276820 · Answer

Experts Any updates?&nbsp;

jad_tabbara__j1 · Answer

Hello Kash, &nbsp;
If your "custom response page" contains  and you add :&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;"X-Frame-Options: DENY" then the browser will not load the iframe content &lt;/li&gt;
&lt;li&gt;"X-Frame-Options: SAMEORIGIN" then browser will load only iframe comming from same domain&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;If your "custom response page" doesn't contain iframe there is no impact to do this on the blocking page itself. &lt;/p&gt;
&lt;p&gt;Regards&lt;/p&gt;&nbsp;

samstep · Answer

Should be no impact - these headers provide Clickjacking attack mitigation&nbsp;

Forum Discussion

ASM-custom-response-page Enable X-Frame-Option

Recent Discussions

Help needed with iRule (connection closed log )

AS3 Limitations

Use of SSL Decryption.

VLAN Failsafe Functionality

FTP PASV mode to Extended Passive mode

Related Content

ASM custom response page add additional information

Removing x-frame-options header from response when using APM

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Set x-frames-options header values depending on URI

Modifying ASM custom response pages programmatically

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS