Forum Discussion

Altostratus

Aug 27, 2013

Clickjacking protection with X-Frame options

We have a situation where sites are missing X-Frame Options How can we return a response header with the name X-Frame-Options and the value DENY to prevent framing altogether, or the value SAMEORIGIN...

Kevin_Stewart

Employee

Aug 27, 2013

I'd use a replace:

when HTTP_RESPONSE {
   HTTP::header replace X-Frame-Options "SAMEORIGIN"
}

Forum Discussion

Clickjacking protection with X-Frame options

Recent Discussions

Pool Members communication with B-party via F5 VIP

Find GSLB pool membership from vip IP

Server 2 causing application slowness

F5Access | MacOS Sonoma

AS3 Deployments (shared objects)

Related Content

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Removing x-frame-options header from response when using APM

Beyond REST: Protecting GraphQL

Adding Security HTTP Headers with an iRule for HSTS, XSS, Clickjacking and Content Web Protection

L7 DoS Protection with NGINX App Protect DoS