For more information regarding the security incident at F5, the actions we are taking to address it, and our ongoing efforts to protect our customers, click here.

Forum Discussion

NickLuckcuck_32's avatar
NickLuckcuck_32
Icon for Nimbostratus rankNimbostratus
Aug 08, 2018

ASM X-FRAME-OPTIONS identification of issues prior to deployment.

Hi All,   I am looking at deploying an ASM policy, this policy will activate the X-FRAME-OPTIONS header.   My question is: is there a sensible way of understanding if any of my customers are us...
ASM Advanced WAF
security
youssef1's avatar
youssef1
Icon for Cumulonimbus rankCumulonimbus
Aug 14, 2018

I don't know what kind of application/website you secure but X-Frame-Options allowed you to prevent clickjacking attacks. And also the reputation of your site that can be hosted anywhere through an Iframe.

 

I think you should do it differently. block it and if someone need that your application have to be hosted trough an Iframe he must clearly justify it... and In F5 you have tha availlability to allow X-Frame-Options for a specific domain:

 

https://support.f5.com/csp/article/K16642

 

let me now if you need more details.

 

regards