Is it possible to add X-FRAME-OPTIONS response header to prevent clickjacking

Udgivelsesdato: Oct 16, 2024

Løsning

Question : Is it possible to add X-FRAME-OPTIONS response header to prevent clickjacking? This is one of the options to prevent Clickjacking

Environment : Production

Answer :

Starting SFCC B2C Platform release 13.3, Customers can now set the X-FRAME-OPTIONS response header in the code to prevent clickjacking.

Allowed values are: DENY, SAMEORIGIN.

Note: SFCC B2C platform validates the values for this header and will throw an exception if the header is set to any other value.

See http://tools.ietf.org/html/draft-gondrom-x-frame-options-00 for more information.

Additional Info : Class Response

Note:
The OnRequest pipeline / controller is called in a separate (internal) request before the actual request from the storefront is handled. This means any headers set in the OnRequest handlers response will have no effect on the actual response that is returned to the client. Headers for clients like the mentioned X-Frame-Options header must be set in the implementation for the storefront call.

Vidensartikelnummer

000391452

Løste denne artikel dit problem?

Giv os besked, så vi kan forbedre os!

Is it possible to add X-FRAME-OPTIONS response header to prevent clickjacking

General Information

Required Cookies

Functional Cookies

Advertising Cookies

General Information

Required Cookies

Functional Cookies

Advertising Cookies

Cookie List