Bug ID 446318: X-Frame-Options response header is ignored when accessed with Portal Access

Last Modified: Jul 12, 2023

Affected Product(s):
BIG-IP APM(all modules)

Known Affected Versions:
11.6.1, 11.6.0, 11.5.0

Fixed In:
11.6.0

Opened: Jan 27, 2014

Severity: 3-Major

Related Article: K01102767

Symptoms

Page with X-Frame-Options response header is rendered in <frame>, <iframe> or <object> tag. While it should not be rendered, because the header instruct browser blocks it.

Impact

If X-Frame-Options header is ignored, then some clickjacking attacks can be possible.

Conditions

Page with X-Frame-Options response header in <frame> <iframe> or <object> tag.

Workaround

This issue has no workaround at this time.

Fix Information

None

Behavior Change

Guides & references

K10134038: F5 Bug Tracker Filter Names and Tips