ASM-custom-response-page Enable X-Frame-Option

Question

ASM Experts,  Is there any potential impact when we enable X-Frame-option deny/Sameorgin on ASM Custom Violation response page?  Please advice .Thanks&nbsp;

kash_276820 · Answer

Experts Any updates?&nbsp;

jad_tabbara__j1 · Answer

Hello Kash, &nbsp;
If your "custom response page" contains  and you add :&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;"X-Frame-Options: DENY" then the browser will not load the iframe content &lt;/li&gt;
&lt;li&gt;"X-Frame-Options: SAMEORIGIN" then browser will load only iframe comming from same domain&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;If your "custom response page" doesn't contain iframe there is no impact to do this on the blocking page itself. &lt;/p&gt;
&lt;p&gt;Regards&lt;/p&gt;&nbsp;

samstep · Answer

Should be no impact - these headers provide Clickjacking attack mitigation&nbsp;

Forum Discussion

ASM-custom-response-page Enable X-Frame-Option

3 Replies

Recent Discussions

Chrome V 124+ on MacOS - Virtual Server Access Issue

F5Access | MacOS Sonoma

Transaction looks successful but file not downloading

Overwriting or adding LTM SSL Traffic cert and key using iControlREST

F5 Access Guard Deprecated: ZTA APM

Related Content

Removing x-frame-options header from response when using APM

ASM custom response page add additional information

Clickjacking Protection Using X-FRAME-OPTIONS Available for Firefox

Set x-frames-options header values depending on URI

Enable telnet on SSH