Forum Discussion
NickLuckcuck_32
Nimbostratus
NimbostratusASM X-FRAME-OPTIONS identification of issues prior to deployment.
Hi All,
I am looking at deploying an ASM policy, this policy will activate the X-FRAME-OPTIONS header.
My question is: is there a sensible way of understanding if any of my customers are us...
youssef1
Cumulonimbus
CumulonimbusI don't know what kind of application/website you secure but X-Frame-Options allowed you to prevent clickjacking attacks. And also the reputation of your site that can be hosted anywhere through an Iframe.
I think you should do it differently. block it and if someone need that your application have to be hosted trough an Iframe he must clearly justify it... and In F5 you have tha availlability to allow X-Frame-Options for a specific domain:
https://support.f5.com/csp/article/K16642
let me now if you need more details.
regards
