Skip to content

How to Add X-Frame-Options In Classic ASP

This is how you add the x-frame-options header to your page in ASP. This can also be done in IIS.
Using the x-frame-options header will prevent your page from being displayed inside another frame, discouraging click-jacking. There are a few different ways to set it up.

1. Your first option is to deny ALL attempts to frame your page.

<% Response.AddHeader "X-FRAME-OPTIONS", "DENY" %>

2. The second option denies ALL attempts to frame your page by any another website not your own.

<% Response.AddHeader "X-FRAME-OPTIONS", "SAMEORIGIN" %>

3. The third option specifies exactly which websites can frame your page. While this option is likely the one you’d use, it is not supported by all browsers such as Chrome and Safari. 🙁
Good thing there is an online test to see which of these your browser supports.

<% Response.AddHeader "X-FRAME-OPTIONS", "Allow-From https://examplesite.com" %>
Published inASP

2 Comments

  1. HD HD

    You must add the header in each page?

    • Cesar Quinteros Cesar Quinteros

      Yes this should be added to every page you want it applied to. However instead of hard-coding it onto every page I suggest you add it to an common asp page to be included by all other pages that way if you need to change it, you can just change it on that one page. Here’s a link on include pages. http://www.w3schools.com/asp/asp_incfiles.asp

Leave a Reply

Your email address will not be published. Required fields are marked *