
Secure Clickjacking Attack with X-Frame-Options using F5 iRule

There are multiple ways to add the X-Frame-Options header to your web applications. However, implementing it on the F5 load balancer is probably the easiest.

Doing it at the network edge with an F5 iRule gives you the advantage of making changes on the fly.

That’s right; you don’t need to restart any services hence no downtime.

There are three settings for X-Frame-Options:

  • SAMEORIGIN: This setting allows the page to be displayed in a frame only on the same origin as the page itself.
  • DENY: This setting prevents the page from being displayed in a frame or iframe.
  • ALLOW-FROM uri: This setting allows the page to be framed only by the specified origin.

To implement in an F5 iRule

  • Create an iRule with the following
  • Associate this iRule with the respective virtual server
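
An iRule for the first step, added here as an illustration and not the article's original code. It goes one step beyond a bare header insert by first removing any copy of the header the pool member already sent, so the client never receives duplicate or conflicting values; the SAMEORIGIN value is an assumption and should be swapped for the setting you need.

```tcl
# Added example iRule (not the article's original code).
when HTTP_RESPONSE {
    # Strip every X-Frame-Options header the pool member may have set,
    # so the response carries exactly one value: the one chosen here.
    HTTP::header remove "X-Frame-Options"

    # SAMEORIGIN is an assumed choice; use "DENY" if the site never
    # needs to frame its own pages.
    HTTP::header insert "X-Frame-Options" "SAMEORIGIN"
}
```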

To verify

Use the browser’s built-in developer tools to examine the response headers, or check online using an HTTP header checker tool.

As you can see, it takes just three lines to do the job!

  • Chandan Kumar