Mar 27, 2026 - For details about updated CVE-2025-53521 (BIG-IP APM vulnerability), refer to K000156741.

Forum Discussion

edmonaft_351139's avatar
edmonaft_351139
Icon for Nimbostratus rankNimbostratus
Mar 12, 2018

Clickjacking protection (X-FRAME-OPTIONS) on F5 LTM 12.1.2 HF2 without using iRules

Hi there,   I wonder if is there a setting that controls this within F5 and hopefully without resorting to using irules.   Thank you!  
big-ip
click jacking
LTM
security
x-frame-options
nathe's avatar
nathe
Icon for Cirrocumulus rankCirrocumulus
Mar 12, 2018

ASM has a Clickjacking feature but there isn't a core feature in LTM to provide this protection. If you don't want to use an iRule then you can create a Local Traffic Policy, something like this:

ltm policy /Common/clickjacking {
    controls { response-adaptation }
    requires { http }
    rules {
        x-frame-options_rule {
            actions {
                0 {
                    http-header
                    response
                    insert
                    name X-Frame-Options
                    value DENY
                }
            }
            ordinal 1
        }
    }
    strategy /Common/first-match
}

You may want to enable this on specific URLs.

Anyway, hope this helps,

N