Nov 24, 2021

X-Frame-Options with deny does not block iframe

I have an iRule as follows:


   # Insert the header only when one is not already present
   if {!([HTTP::header exists "X-Frame-Options"])} {
       HTTP::header insert X-Frame-Options "DENY"
   }

I expected the following page to be blocked.


 <iframe src="" title="description"></iframe>






But it was not blocked.

What did I miss here?


Thanks!!

  • After more reading, it seems the x-frame-options prevents the page on my server from being loaded by someone else, right?

    If I loaded another page from the same server within an iframe, the page should be loaded?

    When I tested it, the page was still loaded within <iframe> page </iframe>. Is this how it is supposed to be?

  • How can I test a page blocked by x-frame-options DENY?
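
An added example, not part of the original post or of F5's documentation: the function below models how a browser applies X-Frame-Options, showing that the header is evaluated on the response loaded inside the frame and not on the page that contains the `<iframe>` tag. The URLs are constructed placeholders, and the model assumes no CSP `frame-ancestors` directive is present, since browsers give that precedence.

```javascript
// Added example: would a browser render this response, judging only by the
// X-Frame-Options header that the response itself carries?
//
// headerValue:  raw X-Frame-Options value of the response, or null if absent
// responseUrl:  URL of the response being loaded
// ancestorUrls: URLs of every document above it in the frame tree
//               (empty array = normal top-level page load)
function framingAllowed(headerValue, responseUrl, ancestorUrls) {
  // The header is only consulted when the response is loaded into a frame.
  if (ancestorUrls.length === 0) return true;

  // Header values are a comma-separated list, compared case-insensitively.
  const values = new Set(
    (headerValue || "")
      .split(",")
      .map((v) => v.trim().toLowerCase())
      .filter((v) => v.length > 0)
  );

  if (values.size > 1) {
    // Conflicting values fail closed if any of them is a recognised keyword.
    return !["deny", "sameorigin", "allowall"].some((k) => values.has(k));
  }

  const [policy] = values;
  if (policy === "deny") return false;
  if (policy === "sameorigin") {
    const target = new URL(responseUrl).origin;
    return ancestorUrls.every((a) => new URL(a).origin === target);
  }
  // Absent or unrecognised value (obsolete ALLOW-FROM included): no restriction.
  return true;
}

// Constructed sample URLs; example.test and other.test are placeholders.
const parent = "https://app.example.test/parent.html";
const child = "https://app.example.test/child.html";
const foreign = "https://other.test/embed.html";

function demo() {
  return {
    parentPageWithDeny: framingAllowed("DENY", parent, []),           // page holding the <iframe>
    childWithDeny: framingAllowed("DENY", child, [parent]),           // framed response
    childSameOrigin: framingAllowed("SAMEORIGIN", child, [parent]),
    childFramedByOtherSite: framingAllowed("SAMEORIGIN", child, [foreign]),
    childWithoutHeader: framingAllowed(null, child, [parent]),
  };
}
console.log(demo());
```

To check a real deployment, confirm the header is present on the response for the URL named in the iframe's `src`, then load a test page that frames that URL and look for the browser's blocked-frame message in the developer console.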