HttpProtocol setting in web.config - valid also for SSL?


For preventing clickjacking attacks I've put this in web.config:

<system.webServer>
  ...

  <httpProtocol>
    <customHeaders>
      <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders>
  </httpProtocol>

  ...
</system.webServer>

But my page is served over a secure protocol, HTTPS. I also have this in web.config:

<system.web>
  <httpCookies requireSSL="true" />
  <authentication mode="Forms">
    <forms name=".AUTH" loginUrl="Login.aspx" requireSSL="true" />
  </authentication>
</system.web>

I wonder if my page, served over a secure protocol, is protected against clickjacking even if the custom headers are inside the httpProtocol section?


There are 0 answers
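An added example, not part of the original question: HTTP response headers are the same whether or not the connection is wrapped in TLS, so the practical check is to capture a response fetched over https and look for the anti-framing header. The sketch below classifies a raw response; the sample response text and the function names are constructed for illustration.

```python
# Added example: audit a captured HTTP response for anti-framing headers.
# SAMPLE_HTTPS_RESPONSE is constructed sample data, not output from a real server.

SAMPLE_HTTPS_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: text/html; charset=utf-8\r\n"
    "Server: Microsoft-IIS/10.0\r\n"
    "X-Frame-Options: SAMEORIGIN\r\n"
    "Set-Cookie: .AUTH=constructed; path=/; secure; HttpOnly\r\n"
    "\r\n"
    "<html></html>"
)


def parse_headers(raw):
    """Return {lowercased name: [values]} from the header part of a raw response."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:  # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def framing_protection(raw):
    """Classify the response: 'csp', 'xfo', 'conflict', 'invalid' or 'none'."""
    headers = parse_headers(raw)
    # A CSP frame-ancestors directive takes precedence in browsers that support it.
    for policy in headers.get("content-security-policy", []):
        directives = [d.strip().lower() for d in policy.split(";")]
        if any(d.startswith("frame-ancestors ") for d in directives):
            return "csp"
    # Repeated headers may arrive as separate lines or merged with commas.
    values = {
        part.strip().upper()
        for value in headers.get("x-frame-options", [])
        for part in value.split(",")
    }
    if not values:
        return "none"
    if len(values) > 1:
        return "conflict"  # e.g. DENY and SAMEORIGIN both present
    # ALLOW-FROM is obsolete, so only DENY and SAMEORIGIN count as valid.
    return "xfo" if values <= {"DENY", "SAMEORIGIN"} else "invalid"
```

A result of `none` for a response captured over https means the header is being dropped somewhere between web.config and the client, for example by a proxy in front of the site.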