Bug ID 446318: X-Frame-Options response header is ignored when accessed with Portal Access

Last Modified: Oct 06, 2020

Bug Tracker

Affected Product:  See more info
BIG-IP APM(all modules)

Known Affected Versions:
11.6.1, 11.6.0, 11.5.0

Fixed In:
11.6.0

Opened: Jan 27, 2014
Severity: 3-Major
Related AskF5 Article:
K01102767

Symptoms

Page with X-Frame-Options response header is rendered in <frame>, <iframe> or <object> tag. While it should not be rendered, because the header instruct browser blocks it.

Impact

If X-Frame-Options header is ignored, then some clickjacking attacks can be possible.

Conditions

Page with X-Frame-Options response header in <frame> <iframe> or <object> tag.

Workaround

This issue has no workaround at this time.

Fix Information

None

Behavior Change