Clickjacking attack - IIS


                 Clickjacking (UI redress attack) is a malicious technique of tricking a user into clicking on something different from what the user perceives, thus potentially revealing confidential information or allowing others to take control of their computer while clicking on seemingly innocuous objects, including web pages.


Affected versions

IIS 7.x

IIS 8.x




Follow the steps to do this

  • Open Internet Information Services (IIS) Manager.
  • In the Connections pane on the left side, expand the Sites folder and select the site that you want to protect.
  • Double-click the HTTP Response Headers icon in the feature list in the middle.
  • In the Actions pane on the right side, click Add.
  • In the dialog box that appears, type X-Frame-Options in the Name field and type SAMEORIGIN in the Value field.
  • Click OK to save your changes.


To modify these directly in your (config) for IIS, this is located in the root of the site.

Below configurations are to be updated in your existing tag.


</system><system .webServer>
<add name="X-Frame-Options" value="SAMEORIGIN"></add>



Follow me on Linkedin My Profile
Follow DevopsJunction onFacebook orTwitter
For more practical videos and tutorials. Subscribe to our channel

Buy Me a Coffee at

Signup for Exclusive "Subscriber-only" Content