Forum Discussion

Nimbostratus

Aug 08, 2018

ASM X-FRAME-OPTIONS identification of issues prior to deployment.

Hi All, I am looking at deploying an ASM policy, this policy will activate the X-FRAME-OPTIONS header. My question is: is there a sensible way of understanding if any of my customers are us...

ASM Advanced WAF

security

samstep

Cirrocumulus

Aug 14, 2018

This is not easy as only the browser knows if a website is rendered in an iframe of a full window.

One way of getting that information is to use CSP (Content Security Policy) in Report-Only mode with the equivalent setting of X-FRAME-OPTIONS header and send reports to a CSP reporting service such as report-uri.com

Beware that if you find out that people are indeed "framing" your website they are just as likely to be hackers/attackers as legit customers - not quite sure how you would distinguish between them.

Forum Discussion

ASM X-FRAME-OPTIONS identification of issues prior to deployment.

Recent Discussions

AS3 Monitoring multiple ports selectively

Open Redirection Mitigation

Portal Access to HTTPS resources slow

How to Implement 2 Way SSL in F5 LTM

Azure DP-100 Exam Questions

Related Content

Removing x-frame-options header from response when using APM

Where are F5's archived deployment guides?

F5 BIG-IP deployment with OpenShift - per-application 2-tier deployments

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Set x-frames-options header values depending on URI