X-Frame-Options: DENY Still missing. Why?

Dec 30, 2013 at 10:03 PM
Hello,

I added NWebsec.MVC to an ASP.NET MVC 5 web site but when I run it I still don't have the header "X-Frame-Options: DENY" on my site.

Why? Am I missing something?

Thank You,
Miguel
Coordinator
Jan 1, 2014 at 10:37 PM
Have you applied the XFrameOptions attribute to your controller/action? Alternatively you can configure X-Frame-Options in web.config.

You can have a look at the docs for more details: NWebsec.Mvc
Marked as answer by shapper on 1/4/2014 at 9:18 AM
Jan 4, 2014 at 4:18 PM
Hello,

I just added the Global Filter and it works fine.

Thank You,
Miguel