gongya
Nov 24, 2021Altocumulus
X-Frame-Options with deny does not block iframe
I have an iRule as follows:
when HTTP_RESPONSE {
if {!([HTTP::header exists "X-Frame-Options"])} {
HTTP::header insert X-Frame-Options "DENY"
}
}
I expected the following page was blocked.
<html>
<iframe src="https://abc.org/wfc/logon" title="description"></iframe>
<head></head>
<body>
</body>
</html>
But it was not blocked.
What did I miss here ?
thanks !!