How to protect our website from clickjacking in ASP.NET C#?

shashank · Aug 24, 2015 · Viewed 50.7k times

I have a dynamic website which I have to make secure from clickjacking attacks. In the database I am getting these types of values. While searching I got to know a little more about clickjacking, but I am not getting what exactly it is, so please, anyone who knows, help me out.

Answer

Musakkhir Sayyed · Aug 24, 2015

X-FRAME-Options

Add this code to the Global.asax file:

protected void Application_BeginRequest(object sender, EventArgs e)
{
  HttpContext.Current.Response.AddHeader("x-frame-options", "DENY");
}

OR

Simply add this to <system.webServer> in your Web.config file:

<!--Clickjacking security-->
<httpProtocol>
  <customHeaders>
    <add name="X-Frame-Options" value="DENY" />
  </customHeaders>
</httpProtocol>
<!--End clickjacking-->

This small snippet adds an HTTP header called X-Frame-Options to your HTTP responses and prevents your site from being loaded in an iframe in "modern" browsers.
There are 3 possible values for X-Frame-Options:

  1. DENY: do not allow any site to frame your application
  2. SAMEORIGIN: only allow same application site to frame
  3. ALLOW-FROM: only allow specific domain to frame your application
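
The three values listed above, applied per request together with the equivalent Content-Security-Policy frame-ancestors directive, as an added example that is not part of the original answer. The module name, the /embed/ path and the partner origin are assumptions made for illustration.

```csharp
using System;
using System.Web;

// Added example, not from the original answer. Emits X-Frame-Options plus the
// CSP frame-ancestors directive that expresses the same framing rule.
public class FramingPolicyModule : IHttpModule
{
    // Assumption: hypothetical origin allowed to frame pages under /embed/.
    private const string TrustedParent = "https://partner.example";

    public void Init(HttpApplication app)
    {
        app.BeginRequest += (sender, e) =>
        {
            HttpContext ctx = ((HttpApplication)sender).Context;
            bool embeddable = ctx.Request.Path.StartsWith(
                "/embed/", StringComparison.OrdinalIgnoreCase);
            Apply(ctx.Response, embeddable ? TrustedParent : null);
        };
    }

    // allowedParent == null   -> DENY (nobody may frame the page)
    // allowedParent == "self" -> SAMEORIGIN
    // anything else           -> that single origin (the ALLOW-FROM case)
    public static void Apply(HttpResponse response, string allowedParent)
    {
        if (allowedParent == null)
        {
            response.AddHeader("X-Frame-Options", "DENY");
            response.AddHeader("Content-Security-Policy", "frame-ancestors 'none'");
        }
        else if (allowedParent == "self")
        {
            response.AddHeader("X-Frame-Options", "SAMEORIGIN");
            response.AddHeader("Content-Security-Policy", "frame-ancestors 'self'");
        }
        else
        {
            // Current browsers ignore ALLOW-FROM, so the allow-list is sent
            // only through CSP and X-Frame-Options is left out.
            response.AddHeader("Content-Security-Policy",
                "frame-ancestors " + allowedParent);
        }
    }

    public void Dispose() { }
}
```

Register the module under <modules> in <system.webServer> and use it instead of the customHeaders entry, so that X-Frame-Options is not sent twice.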