How To Secure IIS Websites Against Clickjacking


This topic contains 0 replies, has 1 voice, and was last updated by  Webmaster 1 year, 1 month ago.


    Webmaster
    Keymaster

    Websites hosted on IIS can be secured from Clickjacking by either changing the webpage header code, or setting the correct HTTP Response Header in IIS. My preferred method is to do this in IIS, because that way there is no risk of a webpage being created or amended to not have the correct header code. In an ideal world, I imagine you’d do both, just in case. This article shows you how to protect a website from Clickjacking by changing the IIS HTTP Response Headers. To do this:

    1. Open IIS
    2. Select the site you want to secure against Clickjacking
    3. Double-click the HTTP Response Headers icon in the feature list in the middle
    4. In the Actions pane on the right side, click Add
    5. In the dialog box, type X-Frame-Options in the Name field and type SAMEORIGIN in the Value field

    Do this for each site hosted by IIS that you wish to secure against Clickjacking.
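
The steps above scripted for every site on the server, as an added example that is not part of the original post. It assumes the WebAdministration PowerShell module is installed and that it is run from an elevated session on the IIS server; a site that already sends the header with a different value is reported, not changed.

```powershell
# Added example: apply X-Frame-Options: SAMEORIGIN to each IIS site and report the result.
# Assumes: WebAdministration module present, elevated PowerShell session.
Import-Module WebAdministration

$headerName  = 'X-Frame-Options'
$headerValue = 'SAMEORIGIN'
$filter      = 'system.webServer/httpProtocol/customHeaders'

$report = foreach ($site in Get-Website) {
    $psPath = "IIS:\Sites\$($site.Name)"

    # Look for an existing entry (this also sees a header inherited from server level)
    $existing = Get-WebConfiguration -PSPath $psPath `
        -Filter "$filter/add[@name='$headerName']"

    if (-not $existing) {
        # Equivalent of steps 3-5: HTTP Response Headers > Add > Name/Value
        Add-WebConfigurationProperty -PSPath $psPath -Filter $filter -Name '.' `
            -Value @{ name = $headerName; value = $headerValue }
        $status = 'Added'
    }
    elseif ($existing.value -ne $headerValue) {
        # Leave a deliberate setting (for example DENY) alone and flag it for review
        Write-Warning "$($site.Name): $headerName is '$($existing.value)', not '$headerValue'"
        $status = 'Different value'
    }
    else {
        $status = 'Already set'
    }

    [pscustomobject]@{
        Site   = $site.Name
        Header = $headerName
        Status = $status
    }
}

# One row per site, so a site that was skipped or differs is easy to spot
$report | Format-Table -AutoSize
```

Running it a second time should show every site as `Already set` or `Different value`, which doubles as a check that a newly created site has not been left without the header.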
