The X-Frame-Options HTTP response header can be used to indicate whether a browser should be allowed to render a page or not. The header declares the framing policy with values DENY (will prevent any framing), SAMEORIGIN (will prevent framing by external sites), or ALLOW-FROM origin (will allow framing only by the specified site). Sites can use this to avoid attacks, by ensuring that their content is not embedded into other sites.
Airlock WAF also provides this HTTP response header to the client to increase the frame security. Per default the value is set to following: X-FRAME-OPTIONS: SAMEORIGIN
It is possible to globally enable/disable the X-Frame-Options action in the Configuration Center under Application Firewall > Default Action and/or overwrite this setting on mappings if desired.
To disable the action on the Mapping do the following:
To change the action on the Mapping do the following: