Link to home
Start Free TrialLog in
Avatar of COV-Webmaster
COV-WebmasterFlag for Canada

asked on

X-Frame-Options - click-jacking

Hi,

I have a question, I'm trying to put X-Frame-Options onto a HTTP Response Headers on IIS (server win 2k8 r2). I've put deny and it seems that it doesn't work. Any suggestions? IS there any tool to confirm that its working cause I dont believe it does.


Thank you for your time
Katerina
Capture.JPG
Capture1.JPG
Capture2.JPG
ASKER CERTIFIED SOLUTION
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
Avatar of COV-Webmaster
COV-Webmaster
Flag of Canada image

ASKER

Hi Dave,

Even if I change the Value to SAMEORIGIN or allow from "URL" I dont see it working correctly. Is there a tool out there so see if the X-Frame is working correctly for the IIS configurations?


Cheers
Katerina
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image
I dont see it working correctly.
What does that mean?  How are you checking?  It's just a header that is sent with the page request.  It's up to the browser to enforce it.
Avatar of COV-Webmaster
COV-Webmaster
Flag of Canada image

ASKER

does this look correct to you ?!
<iframe src="https://secure.west.prophetservices.com/****/Home/Index?CourseId=2,1,3&Date=2016-4-8&Time=AnyTime&Player=99&Hole=18#channelweb" name="frame1" scrolling="auto" frameborder="no" align="center" height = "600x" width = "600px">

Im trying to understand what works and what doesnt.'

Thank you for your time and helping me understand this.
K
Capture.JPG
SOLUTION
Avatar of Dave Baldwin
Dave Baldwin
Flag of United States of America image
Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial