
Is it possible to add the X-FRAME-OPTIONS response header to prevent clickjacking?

Publication date: Oct 16, 2024
Resolution

Question: Is it possible to add the X-FRAME-OPTIONS response header to prevent clickjacking? This header is one of the available options for preventing clickjacking.

Environment: Production

Answer:

Starting with SFCC B2C Platform release 13.3, customers can set the X-FRAME-OPTIONS response header in their code to prevent clickjacking.

Allowed values are: DENY, SAMEORIGIN.

Note: The SFCC B2C platform validates the value of this header and throws an exception if it is set to any value other than those two.

See http://tools.ietf.org/html/draft-gondrom-x-frame-options-00 for more information.

Additional Info: Class Response

Note:
The OnRequest pipeline / controller is called in a separate (internal) request before the actual request from the storefront is handled. Any headers set on the OnRequest handler's response therefore have no effect on the response that is actually returned to the client. Client-facing headers such as X-Frame-Options must be set in the implementation of the storefront call itself.
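The following is an added example, not code from the Salesforce article or from the SFCC platform. It shows a small helper that applies the value check the article describes (only DENY and SAMEORIGIN are accepted, anything else is rejected) and models the note above: a header set inside OnRequest lands on a separate internal response and never reaches the client, while a header set in the storefront handler does. The method name `response.setHttpHeader(name, value)` on the platform response object is assumed; the `MockResponse` class below is a constructed stand-in so the file runs offline.

```javascript
'use strict';

// Values the article states the platform accepts for X-Frame-Options.
var ALLOWED_FRAME_OPTIONS = ['DENY', 'SAMEORIGIN'];

/**
 * Validate and apply the X-Frame-Options header on a response object.
 * Rejecting bad values here surfaces the mistake in code review or unit
 * tests instead of as a runtime exception from the platform.
 * @param {Object} res   object exposing setHttpHeader(name, value) (assumed API)
 * @param {string} value header value to apply
 * @returns {string} the value that was applied
 */
function setFrameOptions(res, value) {
  if (ALLOWED_FRAME_OPTIONS.indexOf(value) === -1) {
    throw new Error('Invalid X-Frame-Options value "' + value +
      '" (allowed: ' + ALLOWED_FRAME_OPTIONS.join(', ') + ')');
  }
  res.setHttpHeader('X-Frame-Options', value);
  return value;
}

// Constructed stand-in for the platform response object.
function MockResponse() {
  this.headers = {};
}
MockResponse.prototype.setHttpHeader = function (name, value) {
  this.headers[name] = value;
};

// Models the article's note: OnRequest runs against its own internal
// response object; only the storefront handler writes to the client response.
function simulateRequestCycle(onRequestHandler, storefrontHandler) {
  var internalResponse = new MockResponse(); // what OnRequest sees
  var clientResponse = new MockResponse();   // what the browser receives
  onRequestHandler(internalResponse);
  storefrontHandler(clientResponse);
  return clientResponse.headers;
}

// Wrong placement: header set only in OnRequest, so it is not sent to the client.
function headersWhenSetInOnRequest() {
  return simulateRequestCycle(
    function (res) { setFrameOptions(res, 'SAMEORIGIN'); },
    function (res) { res.setHttpHeader('Content-Type', 'text/html'); }
  );
}

// Correct placement: header set in the storefront handler reaches the client.
function headersWhenSetInStorefront() {
  return simulateRequestCycle(
    function () { /* OnRequest sets nothing client-facing */ },
    function (res) {
      res.setHttpHeader('Content-Type', 'text/html');
      setFrameOptions(res, 'SAMEORIGIN');
    }
  );
}

// In a real controller (assumed SFRA route shape, shown for illustration only)
// the call belongs inside the route handler, not in OnRequest:
//   server.get('Show', function (req, res, next) {
//     setFrameOptions(res, 'SAMEORIGIN');
//     next();
//   });
```

A quick check of the two placements: `headersWhenSetInOnRequest()` returns only a `Content-Type` header, whereas `headersWhenSetInStorefront()` also carries `X-Frame-Options: SAMEORIGIN`, which is the behaviour the note describes. Auditing that every storefront entry point that renders a page goes through such a helper is an easy way to confirm the header is present everywhere it matters.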

Knowledge Article Number

000391452

Salesforce Help | Article