X-Frame-Options
Add this code to your Global.asax file:

    protected void Application_BeginRequest(object sender, EventArgs e)
    {
        // Send X-Frame-Options: DENY on every response so the page cannot be framed.
        HttpContext.Current.Response.AddHeader("x-frame-options", "DENY");
    }
OR simply add this to <system.webServer> in your Web.config file:

    <!--Clickjacking security-->
    <httpProtocol>
      <customHeaders>
        <add name="X-Frame-Options" value="DENY" />
      </customHeaders>
    </httpProtocol>
    <!--End clickjacking-->
This small snippet adds an HTTP header called X-Frame-Options to your HTTP responses and prevents your site from being loaded in an iframe in “modern” browsers.
There are 3 possible values for X-Frame-Options:
- DENY: do not allow any site to frame your application
- SAMEORIGIN: only allow the application's own site to frame it
- ALLOW-FROM: only allow a specific domain to frame your application
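
To confirm what a deployment actually sends, the following check classifies the X-Frame-Options header on a response. It is an added example, not code from the original page; the function name, verdict labels and sample headers are constructed for illustration. ALLOW-FROM is reported as obsolete because current browsers ignore it.

```python
# Added example (not from the original page): audit a response's headers
# for the X-Frame-Options values listed above. Sample data is constructed.

def audit_x_frame_options(headers):
    """headers: list of (name, value) pairs exactly as received.

    Returns a dict with 'verdict' (missing | ok | obsolete | conflict |
    invalid), the normalized 'values', and 'count' of header lines seen.
    """
    # Header names are case-insensitive, and a response can carry the header
    # more than once, e.g. when both Global.asax and Web.config add it.
    lines = [v for n, v in headers if n.strip().lower() == "x-frame-options"]
    if not lines:
        return {"verdict": "missing", "values": [], "count": 0}

    # Repeated header lines are equivalent to one comma-separated list.
    values = []
    for line in lines:
        for item in line.split(","):
            parts = item.split()
            if parts:
                # Upper-case the keyword; keep any ALLOW-FROM origin as sent.
                values.append(" ".join([parts[0].upper()] + parts[1:]))
    distinct = sorted(set(values))
    result = {"values": distinct, "count": len(lines)}

    if len(distinct) > 1:
        result["verdict"] = "conflict"   # e.g. DENY from one place, SAMEORIGIN from another
    elif distinct and distinct[0] in ("DENY", "SAMEORIGIN"):
        result["verdict"] = "ok"
    elif distinct and distinct[0].split()[0] == "ALLOW-FROM" and len(distinct[0].split()) == 2:
        result["verdict"] = "obsolete"   # assumption stated in the lead-in: ignored by current browsers
    else:
        result["verdict"] = "invalid"    # empty, misspelled or malformed value
    return result


# Constructed sample responses (not captured from a real site).
SAMPLES = {
    "web.config only": [("Content-Type", "text/html"), ("X-Frame-Options", "DENY")],
    "both snippets applied": [("x-frame-options", "DENY"), ("X-Frame-Options", "DENY")],
    "mixed settings": [("x-frame-options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
    "allow-from": [("X-Frame-Options", "ALLOW-FROM https://partner.example")],
    "no header": [("Content-Type", "text/html")],
}

if __name__ == "__main__":
    for name, hdrs in SAMPLES.items():
        print(name, "->", audit_x_frame_options(hdrs))
```

A count greater than 1 with verdict ok means the header is being added in two places, which is worth cleaning up so a later change to one of them does not produce a conflict.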