Return the X-Frame-Options HTTP header in IIS 7 for Exchange OWA
To prevent click-jacking, add the HTTP response header “X-Frame-Options” in IIS for websites and/or Exchange OWA:
– Open IIS Manager and click on the server name in the left column. To apply the header to only one website, drill down and select that site instead.
– In Features View, double-click HTTP Response Headers.
– On the HTTP Response Headers page, in the Actions pane, click Add.
– In the Add Custom HTTP Response Header dialog box, add a header called “X-FRAME-OPTIONS” and set its value to “SAMEORIGIN”.
– Click OK.
You can validate correct function by visiting one of these websites:
https://securityheaders.io
http://web-sniffer.net/
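The same check can be run locally, which helps when the OWA site is not reachable from the internet. This is an added example, not part of the original post; the sample responses are constructed, and it goes slightly beyond the steps above by also flagging a header sent more than once or a mistyped value.

```python
import sys
import urllib.error
import urllib.request

ACCEPTED = {"DENY", "SAMEORIGIN"}


def check_xfo(headers):
    """Classify X-Frame-Options in (name, value) pairs; returns (status, detail)."""
    # Header names are case-insensitive: IIS sends whatever case was typed.
    values = [v.strip() for n, v in headers if n.lower() == "x-frame-options"]
    if not values:
        return "missing", "header not returned"
    # A repeated header may also arrive folded into one comma-separated value.
    tokens = [t.strip().upper() for v in values for t in v.split(",") if t.strip()]
    if not tokens:
        return "invalid", "empty value"
    if len(tokens) > 1:
        return "duplicate", "sent %d times: %s" % (len(tokens), ", ".join(tokens))
    value = tokens[0]
    if value in ACCEPTED:
        return "ok", value
    if value.startswith("ALLOW-FROM"):
        return "obsolete", "ALLOW-FROM is not supported by current browsers"
    return "invalid", "unrecognised value %r" % value


def fetch_headers(url):
    """Return the (name, value) header pairs for url, including error responses."""
    try:
        with urllib.request.urlopen(url, timeout=10) as resp:
            return resp.getheaders()
    except urllib.error.HTTPError as err:  # 401/403 pages still carry headers
        return list(err.headers.items())


# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "configured": [("Content-Type", "text/html"), ("X-FRAME-OPTIONS", "SAMEORIGIN")],
    "not configured": [("Content-Type", "text/html")],
    "set twice": [("X-Frame-Options", "SAMEORIGIN"), ("X-Frame-Options", "DENY")],
    "typo": [("X-Frame-Options", "SAME-ORIGIN")],
}

if __name__ == "__main__":
    # With a URL argument, check that server; otherwise run the samples.
    targets = {sys.argv[1]: fetch_headers(sys.argv[1])} if len(sys.argv) > 1 else SAMPLES
    for name, hdrs in targets.items():
        print(name, "->", check_xfo(hdrs))
```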