F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

NickLuckcuck_32's avatar
NickLuckcuck_32
Icon for Nimbostratus rankNimbostratus
Aug 08, 2018

ASM X-FRAME-OPTIONS identification of issues prior to deployment.

Hi All,   I am looking at deploying an ASM policy, this policy will activate the X-FRAME-OPTIONS header.   My question is: is there a sensible way of understanding if any of my customers are us...
ASM Advanced WAF
security
samstep's avatar
samstep
Icon for Cirrocumulus rankCirrocumulus
Aug 14, 2018

This is not easy as only the browser knows if a website is rendered in an iframe of a full window.

 

One way of getting that information is to use CSP (Content Security Policy) in Report-Only mode with the equivalent setting of X-FRAME-OPTIONS header and send reports to a CSP reporting service such as report-uri.com

 

Beware that if you find out that people are indeed "framing" your website they are just as likely to be hackers/attackers as legit customers - not quite sure how you would distinguish between them.