
classic asp return X-Frame-Options HTTP header with page's response

I am working on making my site PCI compliant and their scan states I need to return the X-Frame-Options HTTP header with the page's response (this prevents the page's content from being rendered by another site when using the frame or iframe HTML tags).

I tried a JavaScript workaround from here:

https://www.owasp.org/index.php/Clickjacking_Defense_Cheat_Sheet

but it doesn't seem to be Security Metrics happy - my offending pages (basically all of them) are still showing on the scan.

How do I do this in classic ASP?

Just set the header in the ASP page using

<%
Call Response.AddHeader("X-FRAME-OPTIONS", "DENY")
%>

or set it from inside IIS so it's applied across a site, folder or page.
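
The IIS-level option mentioned in the answer above, shown as an added example that is not part of the original answer: a site-root `web.config` that sends the header on every response, with a per-page override. The path `admin/report.asp` is a hypothetical placeholder for a page that must stay frameable by the same site.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<configuration>
  <!-- Site-wide: applies to every response IIS serves for this site,
       including classic ASP pages and static files. -->
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <!-- remove first so a value inherited from a parent level
             does not cause a duplicate-entry configuration error -->
        <remove name="X-Frame-Options" />
        <add name="X-Frame-Options" value="DENY" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>

  <!-- Per-page (or per-folder) override. The path below is a
       hypothetical example, not taken from the original question. -->
  <location path="admin/report.asp">
    <system.webServer>
      <httpProtocol>
        <customHeaders>
          <remove name="X-Frame-Options" />
          <add name="X-Frame-Options" value="SAMEORIGIN" />
        </customHeaders>
      </httpProtocol>
    </system.webServer>
  </location>
</configuration>
```

Set the header in one place only: combining this configuration with `Response.AddHeader` on the same page can send `X-Frame-Options` twice in one response.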
