7.5 Prevent click jacking
You can configure IIS to prevent click jacking.
7.5.1 Implementation
On the MyID website, add a custom header: x-frame-options=sameorigin
In the web.config file it will look like this:
<configuration>
  <system.webServer>
    <httpProtocol>
      <customHeaders>
        <add name="x-frame-options" value="sameorigin" />
      </customHeaders>
    </httpProtocol>
  </system.webServer>
</configuration>
If you are running the MyID website from within another site, you must add the other website to the header; for example:
<add name="x-frame-options" value="sameorigin; allow-from https://myserver/customerApp" />
Only one other site can be specified.
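An added check, not part of the MyID documentation: it audits a web.config for the framing headers described above. RFC 7034 defines X-Frame-Options as a single value and current browsers no longer honour allow-from, so the check also looks for the Content-Security-Policy frame-ancestors directive that replaced it. The function names and sample configurations are constructed for this example, and whether a given MyID deployment works with a Content-Security-Policy header is an assumption to test.

```python
import xml.etree.ElementTree as ET

# Constructed sample inputs mirroring the two configurations on this page.
SINGLE_SITE = """<configuration><system.webServer><httpProtocol><customHeaders>
<add name="x-frame-options" value="sameorigin" />
</customHeaders></httpProtocol></system.webServer></configuration>"""

EMBEDDED = SINGLE_SITE.replace(
    'value="sameorigin"',
    'value="sameorigin; allow-from https://myserver/customerApp"')


def custom_headers(web_config_xml):
    """Return {lower-cased header name: value} from <customHeaders>."""
    root = ET.fromstring(web_config_xml)
    adds = root.findall("system.webServer/httpProtocol/customHeaders/add")
    return {a.get("name", "").lower(): a.get("value", "") for a in adds}


def audit_framing(web_config_xml):
    """Return a list of findings; an empty list means framing is restricted."""
    headers = custom_headers(web_config_xml)
    xfo = headers.get("x-frame-options", "").strip().lower()
    csp = headers.get("content-security-policy", "").lower()
    # frame-ancestors is the CSP directive that restricts who may frame a page.
    has_fa = any(d.strip().startswith("frame-ancestors ")
                 for d in csp.split(";"))
    findings = []
    if not xfo and not has_fa:
        findings.append("no X-Frame-Options or frame-ancestors header configured")
    elif xfo and xfo not in ("deny", "sameorigin"):
        # RFC 7034 permits exactly one value; allow-from is obsolete.
        findings.append("X-Frame-Options %r is not a single DENY or SAMEORIGIN" % xfo)
        if not has_fa:
            findings.append("no CSP frame-ancestors fallback: browsers that "
                            "reject the value apply no framing restriction")
    return findings


if __name__ == "__main__":
    for label, cfg in (("single site", SINGLE_SITE), ("embedded", EMBEDDED)):
        print(label, audit_framing(cfg) or "OK")
```
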
7.5.2 Recommendations
Set up IIS to prevent click jacking using the configuration file.