
Clickjacking mitigation

I'm presenting a web server through the WAF using Form authentication to restrict access.  This was recently scanned, and came up vulnerable to Clickjacking attacks.  Is there a way to add an X-Frame-Options or Content-Security-Policy: frame-ancestors header to the login form presented from the WAF?

Thanks.   -Steve



  • Hi  

    I don't think there's an option as such in WAF. In general, X-FRAME-OPTIONS is the web application's way to control how it's allowed to be presented on the client side, so don't you need to set this up in the backend application and not in WAF?

    However, you can add a feature request for this here.

    Regards

    Jaydeep
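
A check that can be run against the login form's response headers to confirm the scanner finding and to verify a fix once a header is set, added here as an example (it is not part of the thread and not vendor code). The function name `framing_verdict` and the sample header sets are constructed for illustration.

```python
def framing_verdict(headers):
    """Return (protected, reason) for a list of (name, value) response headers."""
    xfo, policies = set(), []
    for name, value in headers:
        key = name.strip().lower()
        if key == "x-frame-options":
            xfo.update(v.strip().upper() for v in value.split(",") if v.strip())
        elif key == "content-security-policy":
            # Comma-separated policies are enforced independently of each other.
            policies.extend(p for p in value.split(",") if p.strip())
        # Content-Security-Policy-Report-Only is skipped: it reports, never blocks.

    ancestor_lists = []
    for policy in policies:
        for directive in policy.split(";"):
            tokens = directive.split()
            if tokens and tokens[0].lower() == "frame-ancestors":
                ancestor_lists.append([t.lower() for t in tokens[1:]])
                break  # a repeated directive inside one policy is ignored

    if ancestor_lists:
        # An enforced frame-ancestors makes browsers ignore X-Frame-Options,
        # and frame-ancestors does not fall back to default-src.
        for sources in ancestor_lists:
            if not any(s in ("*", "http:", "https:") for s in sources):
                return True, "frame-ancestors " + (" ".join(sources) or "(empty)")
        return False, "frame-ancestors allows any origin"

    if xfo in ({"DENY"}, {"SAMEORIGIN"}):
        return True, "X-Frame-Options " + xfo.pop()
    if len(xfo) > 1:
        return False, "conflicting X-Frame-Options values"  # flagged as misconfiguration here
    if xfo:
        # ALLOW-FROM is obsolete and not honoured by current browsers.
        return False, "unsupported X-Frame-Options value " + xfo.pop()
    return False, "no anti-framing header"


# Constructed sample responses for a login page (not captured from any product).
SAMPLES = {
    "bare": [("Content-Type", "text/html")],
    "xfo": [("X-Frame-Options", "SAMEORIGIN")],
    "csp": [("Content-Security-Policy", "default-src 'self'; frame-ancestors 'self'")],
    "overridden": [("X-Frame-Options", "DENY"), ("Content-Security-Policy", "frame-ancestors *")],
    "report_only": [("Content-Security-Policy-Report-Only", "frame-ancestors 'none'")],
}

if __name__ == "__main__":
    for label, hdrs in SAMPLES.items():
        print(label, framing_verdict(hdrs))
```

The "overridden" and "report_only" samples are the cases a quick header grep tends to miss: both responses carry an anti-framing header, yet neither restricts framing in a current browser.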
