I am trying to fix a vulnerability found during a penetration scan. I need to correct the X-Frame-Options response header and set it to DENY so that the webpage is unable to be opened in a frame. I found this page:
That says to add this to the <system.webServer> section of my web.config file:
<add name="X-Frame-Options" value="SAMEORIGIN" />
It looked straightforward enough, so I found that section and added that to the web.config file, and I am still getting the alert when I run the penetration test after the change was made.
I need to know if there is something else I need to do in order for this to be set correctly.
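
A check for the situation described in the post, added here as an example and not part of the original post: it audits a web.config for the X-Frame-Options entry, reporting whether the `<add>` element sits where IIS reads custom response headers (`system.webServer/httpProtocol/customHeaders`) and whether its value matches the DENY the scan asks for. The function name `audit_web_config` and both sample files are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Standard IIS location for custom response headers inside web.config.
EXPECTED_PARENT = "system.webServer/httpProtocol/customHeaders"

# Constructed sample: the <add> element sits directly under <system.webServer>.
SAMPLE_MISPLACED = """<configuration>
  <system.webServer>
    <add name="X-Frame-Options" value="SAMEORIGIN" />
  </system.webServer>
</configuration>"""

# Constructed sample: the element nested in customHeaders with the value DENY.
SAMPLE_OK = """<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="X-Frame-Options" value="DENY" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>"""

def audit_web_config(xml_text, required="DENY"):
    """Return a list of findings; an empty list means the header is set as required."""
    root = ET.fromstring(xml_text)
    parent = {child: p for p in root.iter() for child in p}

    def ancestors(elem):
        # Slash-separated chain of ancestor tags, outermost first.
        tags = []
        while elem in parent:
            elem = parent[elem]
            tags.append(elem.tag)
        return "/".join(reversed(tags))

    findings, effective = [], []
    for add in root.iter("add"):
        if add.get("name", "").lower() != "x-frame-options":
            continue
        where = ancestors(add)
        if where.endswith(EXPECTED_PARENT):  # also matches inside <location> blocks
            effective.append(add)
        else:
            findings.append(f"misplaced: <add> found under {where}, not {EXPECTED_PARENT}")
    if not effective:
        findings.append(f"missing: no X-Frame-Options entry under {EXPECTED_PARENT}")
    for add in effective:
        value = add.get("value", "").strip()
        if value.upper() != required:
            findings.append(f"value: header is set to {value!r}, scan expects {required!r}")
    return findings
```

After changing the file, confirming the header on a live response (for example with `curl -I` against the site) shows whether the server is actually sending it.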