Forum Discussion

Altocumulus

Nov 24, 2021

X-Frame-Options with deny does not block iframe

I have an iRule as follows: when HTTP_RESPONSE { if {!([HTTP::header exists "X-Frame-Options"])} { HTTP::header insert X-Frame-Options "DENY" } } I expected the following p...

LTM

security

gongya

Altocumulus

Nov 25, 2021

After more reading, it seems the x-frame-options prevents the page in my server from being loaded by someone else, right ?

If I loaded another page in the same server within iframe, the page should be loaded ?

When I tested it, the page was still loaded within <iframe> page </iframe>. Is this supposed to be?

Recent Discussions

F5 looses the token for the first call
Dec 20, 2024
Ozzy
iRule - Url rewrite and header replace and pool selection not working
Dec 20, 2024
rct101
Switch ssl profile based on weak cipher detection via IRULE
Dec 20, 2024
aliasgar215
full-proxy HTTP2
Dec 20, 2024
former_newbie
Decode ObjectSID from Base64-encode string
Dec 20, 2024
Sefi_Miz

Under Attack? F5 Will Help You.
Contacting F5 Support?

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

Forum Discussion

X-Frame-Options with deny does not block iframe

Recent Discussions

F5 looses the token for the first call

iRule - Url rewrite and header replace and pool selection not working

Switch ssl profile based on weak cipher detection via IRULE

full-proxy HTTP2

Decode ObjectSID from Base64-encode string

Related Content

Removing x-frame-options header from response when using APM

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Set x-frames-options header values depending on URI

Applying APM on an iframe

Block IP after a number of ASM Blocks

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS