X-Frame-Options with deny does not block iframe
I have an iRule as follows:
when HTTP_RESPONSE {
    if {!([HTTP::header exists "X-Frame-Options"])} {
        HTTP::header insert X-Frame-Options "DENY"
    }
}
I expected the following page to be blocked.
<html>
<head></head>
<body>
  <iframe src="https://abc.org/wfc/logon" title="description"></iframe>
</body>
</html>
But it was not blocked.
What did I miss here?
Thanks!!
- gongyaAltocumulus
After more reading, it seems the x-frame-options prevents the page in my server from being loaded by someone else, right?
If I loaded another page in the same server within an iframe, the page should be loaded?
When I tested it, the page was still loaded within <iframe> page </iframe>. Is this supposed to be?
- gongyaAltocumulus
How can I test a page blocked by x-frame-options DENY?
- gongyaAltocumulus
I figured it out. Thanks!!
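On the questions raised in the thread: a browser reads X-Frame-Options from the response for the framed URL, not from the page that contains the `<iframe>`, and DENY applies even when parent and framed page share an origin. The following is an added example, not code from the thread or from F5; `framingVerdict` and the `other.example` URLs are hypothetical names, and it models the browser's decision for one level of nesting only.

```javascript
// Added example. Assumption: one level of nesting, so parentUrl is the only ancestor.
function framingVerdict(framedUrl, framedHeaders, parentUrl) {
  // Header names are case-insensitive; normalise them once.
  const h = {};
  for (const [k, v] of Object.entries(framedHeaders)) h[k.toLowerCase()] = String(v);

  // An enforced CSP carrying frame-ancestors takes precedence over X-Frame-Options.
  const csp = h["content-security-policy"] || "";
  if (csp.split(/[;,]/).some(d => d.trim().toLowerCase().startsWith("frame-ancestors"))) {
    return { blocked: null, reason: "decided by CSP frame-ancestors" };
  }

  const raw = h["x-frame-options"];
  if (raw === undefined) return { blocked: false, reason: "framed response has no X-Frame-Options" };

  // Repeated headers arrive comma-joined; compare the distinct lowercase values.
  const values = [...new Set(raw.split(",").map(v => v.trim().toLowerCase()).filter(Boolean))];
  if (values.length > 1) {
    const known = values.some(v => ["deny", "sameorigin", "allowall"].includes(v));
    return { blocked: known, reason: known ? "conflicting values fail closed" : "unknown values ignored" };
  }
  if (values[0] === "deny") return { blocked: true, reason: "DENY blocks same-origin parents too" };
  if (values[0] === "sameorigin") {
    const same = new URL(framedUrl).origin === new URL(parentUrl).origin;
    return { blocked: !same, reason: same ? "parent is same-origin" : "parent is cross-origin" };
  }
  return { blocked: false, reason: "unrecognised value ignored" };
}

// Constructed cases; only the abc.org URL comes from the thread.
const framed = "https://abc.org/wfc/logon";
const cases = [
  [{ "X-Frame-Options": "DENY" }, "https://abc.org/test.html"],
  [{ "X-Frame-Options": "SAMEORIGIN" }, "https://abc.org/test.html"],
  [{ "X-Frame-Options": "SAMEORIGIN" }, "https://other.example/test.html"],
  [{}, "https://other.example/test.html"],
];
for (const [headers, parent] of cases) {
  console.log(JSON.stringify(headers), parent, framingVerdict(framed, headers, parent));
}
```

To use it against a real deployment, pass in the headers actually returned for the framed URL; if the header is absent there, the iframe loads regardless of what the parent page sends.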