Forum Discussion

Nimbostratus

Aug 23, 2017

ASM-custom-response-page Enable X-Frame-Option

ASM Experts, Is there any potential impact when we enable X-Frame-option deny/Sameorgin on ASM Custom Violation response page? Please advice .Thanks

Cirrostratus

Aug 24, 2017

Hello Kash,

If your "custom response page" contains and you add : <ul> <li>"X-Frame-Options: DENY" then the browser will not load the iframe content </li> <li>"X-Frame-Options: SAMEORIGIN" then browser will load only iframe comming from same domain</li> </ul> If your "custom response page" doesn't contain iframe there is no impact to do this on the blocking page itself. Regards

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM-custom-response-page Enable X-Frame-Option

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

ACME DNS RFC-2136 Let's Encrypt certs

MAC users unable to access Internet when on Netskope

Could not communicate with the system. Try to reload page.

F5 mssql health monitor failing

DNS Traffic from floating IP to public IP of a VIP

Related Content

ASM custom response page add additional information

Removing x-frame-options header from response when using APM

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Set x-frames-options header values depending on URI

Modifying ASM custom response pages programmatically

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS