Home > Uncategorized > Return the X-Frame-Options HTTP header in IIS 7 for Exchange OWA

Return the X-Frame-Options HTTP header in IIS 7 for Exchange OWA

To prevent click-jacking, add the HTTP response header “X-Frame-Options” into IIS for websites and or Exchange OWA:

– Open IIS Manager and click on the server name in the left column.  Drill down if you only want to apply to one website.
– In Features View, double-click HTTP Response Headers.
– On the HTTP Response Headers page, in the Actions pane, click Add.
– In the Add Custom HTTP Response Header dialog box, add a header called “X-FRAME-OPTIONS”, and assign it’s value to “SAMEORIGIN”.
– Click OK

 

You can validate correct function by visiting one of these websites:

https://securityheaders.io
http://web-sniffer.net/

Print Friendly
Categories: Uncategorized Tags:
  1. No comments yet.
  1. No trackbacks yet.