Forum Discussion

Nimbostratus

Aug 08, 2018

ASM X-FRAME-OPTIONS identification of issues prior to deployment.

Hi All, I am looking at deploying an ASM policy, this policy will activate the X-FRAME-OPTIONS header. My question is: is there a sensible way of understanding if any of my customers are us...

ASM Advanced WAF

security

samstep

Cirrocumulus

Aug 14, 2018

This is not easy as only the browser knows if a website is rendered in an iframe of a full window.

One way of getting that information is to use CSP (Content Security Policy) in Report-Only mode with the equivalent setting of X-FRAME-OPTIONS header and send reports to a CSP reporting service such as report-uri.com

Beware that if you find out that people are indeed "framing" your website they are just as likely to be hackers/attackers as legit customers - not quite sure how you would distinguish between them.

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

ASM X-FRAME-OPTIONS identification of issues prior to deployment.

Jonathan - March 2026 Featured Member

F5 AppWorld 2026 Las Vegas - iRules Contest Winners!

2026 F5 DevCentral MVP Announcement

Recent Discussions

T4 and ALL tenant images

Unable to Forward APM and AFM Logs to AWS CloudWatch Using Telemetry Streaming

Managing iRules configuration

CPU load when Prometheus is scraping metrics from F5 BIG-IP LTM

[ASM] - How to disable the SQL injection attack signatures

Related Content

Removing x-frame-options header from response when using APM

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Set x-frames-options header values depending on URI

Where are F5's archived deployment guides?

BIG-IP Next for Kubernetes CNFs deployment walkthrough

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS