For anyone who needs to do this in the future, this is how I did this
void Application_BeginRequest(object sender, EventArgs e)
{
Response.Headers["X-FRAME-OPTIONS"] = "DENY";
}
Pregunta
I have an MVC 4 site and I want to prevent users from showing my site in an iframe. I know I must add the XFO header X-FRAME-OPTIONS
with the value DENY
in my responses but I wanted to ask if there is a single place where I can put this so that all my responses send this.
Solución
For anyone who needs to do this in the future, this is how I did this
void Application_BeginRequest(object sender, EventArgs e)
{
Response.Headers["X-FRAME-OPTIONS"] = "DENY";
}