Forum Discussion

Altostratus

Aug 27, 2013

Clickjacking protection with X-Frame options

We have a situation where sites are missing X-Frame Options How can we return a response header with the name X-Frame-Options and the value DENY to prevent framing altogether, or the value SAMEORIGIN...

Kevin_Stewart

Employee

Aug 27, 2013

I'd use a replace:

when HTTP_RESPONSE {
   HTTP::header replace X-Frame-Options "SAMEORIGIN"
}

Recent Discussions

NAT for specific IPs
Nov 13, 2024
Deena
Upgrading BIGIP 2000S to R2600
Nov 13, 2024
TheKingFish
TS Declarations for DNS
Nov 13, 2024
Bryan_T_
how to view list os client support via cli
Nov 13, 2024
Anzine321
automatic learning logs/report ?
Nov 13, 2024
MerryIT

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

Clickjacking protection with X-Frame options

Recent Discussions

NAT for specific IPs

Upgrading BIGIP 2000S to R2600

TS Declarations for DNS

how to view list os client support via cli

automatic learning logs/report ?

Related Content

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Adding Security HTTP Headers with an iRule for HSTS, XSS, Clickjacking and Content Web Protection

Removing x-frame-options header from response when using APM

L7 DoS Protection with NGINX App Protect DoS

Beyond REST: Protecting GraphQL

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS