- This topic has 0 replies, 1 voice, and was last updated 7 years, 7 months ago by
.
Viewing 0 reply threads
-
Posts
-
-
Websites hosted on IIS can be secured from Clickjacking by either changing the webpage header code, or setting the correct HTTP Response Header in IIS. My preferred method is to do this in IIS, because that way there is no risk of a webpage being created or amended to not have the correct header code. In an ideal world, I image you’d do both, just in case. This article shows you how to protect a website from Clickjacking by changing the IIS HTTP Response Headers. To do this:
- Open IIS
- Select the site you want to secure against Clickjacking
- Double-click the HTTP Response Headers icon in the feature list in the middle
- In the Actions pane on the right side, click Add
- In the dialog box, type X-Frame-Options in the Name field and type SAMEORIGIN in the Value field
Do this for each site hosted by IIS that you wish to secure against Clickjacking
-
Viewing 0 reply threads
- You must be logged in to reply to this topic.