I want to disable x-frame-options in my website, I want that no other website can show my webpages in their web pages using iframes. My website is made in ASP.net MVC3 and hosted in IIS 7.5.
Disable x-frame-options in MVC3 or IIS 7.5
Asked Answered
There are a bunch of ways to go about this. But one of the easiest is adding <customHeaders> section to the web.config and it will append that header to each request.
<configuration>
<system.webServer>
<httpProtocol>
<customHeaders>
<add name="X-Frame-Options" value="DENY" />
</customHeaders>
</httpProtocol>
</system.webServer>
</configuration>
so this way, no one will be able to show my webpages in their website? and if I want to show my site's page in iframe on another page of the site, will it work? –
Brussels
@ArbazAbid For the specifics of
X-Frame-Options you may want to read developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options or similar articles to pick which value is right for your situation. –
Demasculinize I needed SAMEORIGIN value, not its working fine, thanks again –
Brussels
@StevenV Shoudln't I be able to see the X-Frame-Option param in header through fiddler? I used this and can't see the header entry. What's wrong (MVC 2) –
Physiologist
@Physiologist You definitely should. Do you have any security software or devices on your computer or network that could be stripping out the header? –
Demasculinize
@stevenV It's a stabdard corporate laptop with antivirus and whatnot but i dont think they are stripping anything from header especially something crucial for security like this. Any other reason? Or probably a way to check this? –
Physiologist
© 2022 - 2024 — McMap. All rights reserved.