Protected Sub Application_BeginRequest(sender As [Object], e As EventArgs) Response.Headers.Remove("X-Frame-Options") Response.AddHeader("X-Frame-Options", "DENY") End Sub
<script> try { if (top.location.hostname != self.location.hostname) throw 1; } catch (e) { top.location.href = self.location.href; } </script>
<system.webServer> ... <httpProtocol> <customHeaders> <add name="X-Frame-Options" value="SAMEORIGIN" /> </customHeaders> </httpProtocol> ... </system.webServer>