Forum Discussion
Clickjacking protection with X-Frame options
We have a situation where sites are missing X-Frame-Options. How can we return a response header with the name X-Frame-Options and the value DENY to prevent framing altogether, or the value SAMEORIGIN to allow framing only by pages on the same origin as the response itself?
I found the following single-line iRule implementation. Can you please verify?
when HTTP_RESPONSE { HTTP::header insert "X-FRAME-OPTIONS" "(DENY || SAMEORIGIN)" }
- Kevin_Stewart (Employee)
I'd use a replace:
when HTTP_RESPONSE { HTTP::header replace X-Frame-Options "SAMEORIGIN" }
- Deepak__M_K_165 (Nimbostratus)
Hi Kevin,
How do we test once we have implemented the iRule?
Thanks and regards, Deepak MK
- Jaz_170005 (Nimbostratus)
Hello Everyone,
That iRule works; however, it means that we have to add it to every VS we have (we have tons of those). Is there a better solution? Does F5 have a HF for it?
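For the testing question in the thread, an added example (not part of the original posts and not F5 code): a shell function that reads HTTP response headers, such as the output of `curl -sI`, and reports whether X-Frame-Options is present exactly once with a valid value. The sample responses are constructed, and the function and sample names are hypothetical.

```shell
#!/bin/sh
# classify_xfo: read raw HTTP response headers on stdin and print one of
#   OK:DENY | OK:SAMEORIGIN | MISSING | INVALID:<value> | DUPLICATE
# Exit status is 0 only for the two OK results.
# DUPLICATE means the header appears more than once, as can happen when a
# header is inserted on top of one the backend server already sends.
classify_xfo() {
    awk '
        { sub(/\r$/, "") }                 # tolerate CRLF line endings
        /^$/ { exit }                      # first blank line ends the headers
        tolower($0) ~ /^x-frame-options[ \t]*:/ {
            v = $0
            sub(/^[^:]*:[ \t]*/, "", v)    # drop the header name and colon
            sub(/[ \t]+$/, "", v)          # drop trailing whitespace
            n++
            raw = v
            val = toupper(v)               # the value is case-insensitive
        }
        END {
            if (n == 0) { print "MISSING"; exit 1 }
            if (n > 1)  { print "DUPLICATE"; exit 1 }
            if (val == "DENY" || val == "SAMEORIGIN") { print "OK:" val; exit 0 }
            print "INVALID:" raw
            exit 1
        }'
}

# Constructed sample responses (not captured from a real virtual server).
sample_ok()      { printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n'; }
sample_literal() { printf 'HTTP/1.1 200 OK\r\nX-FRAME-OPTIONS: (DENY || SAMEORIGIN)\r\n\r\n'; }
sample_double()  { printf 'HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n'; }
sample_none()    { printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n'; }

# Show the verdict for each constructed sample.
for s in sample_ok sample_literal sample_double sample_none; do
    printf '%s -> %s\n' "$s" "$($s | classify_xfo)"
done
```

Against a live virtual server the same function can be fed from `curl -sI https://<virtual-server>/ | classify_xfo`, where `<virtual-server>` is a placeholder for the host under test.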