F5 is upgrading its customer support chat feature on My.F5.com. Chat support will be unavailable from 6am-10am PST on 1/20/26. Refer to K000159584 for details.

Forum Discussion

gongya's avatar
gongya
Icon for Altocumulus rankAltocumulus
Nov 24, 2021

X-Frame-Options with deny does not block iframe

I have an iRule as follows: when HTTP_RESPONSE {    if {!([HTTP::header exists "X-Frame-Options"])} {        HTTP::header insert X-Frame-Options "DENY"    } }   I expected the following p...
LTM
security
gongya's avatar
gongya
Icon for Altocumulus rankAltocumulus
Nov 24, 2021

After more reading, it seems the x-frame-options prevents the page in my server from being loaded by someone else, right ?

If I loaded another page in the same server within iframe, the page should be loaded ?

When I tested it, the page was still loaded within <iframe> page </iframe>. Is this supposed to be?