Forum Discussion

Altostratus

Aug 27, 2013

Clickjacking protection with X-Frame options

We have a situation where sites are missing X-Frame Options How can we return a response header with the name X-Frame-Options and the value DENY to prevent framing altogether, or the value SAMEORIGIN...

Kevin_Stewart

Employee

Aug 27, 2013

I'd use a replace:

when HTTP_RESPONSE {
   HTTP::header replace X-Frame-Options "SAMEORIGIN"
}

Recent Discussions

Background Tasks
Nov 22, 2024
eagertolearn
APM with EntraID as idP / request signed
Nov 22, 2024
andradejp
Should config via cli rather than gui?
Nov 22, 2024
Herman2024
APM Modern Customization - modify Header in user-common.js and form in user-logon.js
Nov 22, 2024
emalzer
Which process is consuming higher CPU
Nov 22, 2024
eagertolearn

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Clickjacking protection with X-Frame options

Recent Discussions

Background Tasks

APM with EntraID as idP / request signed

Should config via cli rather than gui?

APM Modern Customization - modify Header in user-common.js and form in user-logon.js

Which process is consuming higher CPU

Related Content

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Removing x-frame-options header from response when using APM

Adding Security HTTP Headers with an iRule for HSTS, XSS, Clickjacking and Content Web Protection

L7 DoS Protection with NGINX App Protect DoS

Beyond REST: Protecting GraphQL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS