This extension provides basic protection against Clickjacking Attacks (see Wikipedia for details on what a Clickjack attack is and OWASP.org for details on different methods of protection against it).
- Sitecore instance default setting for X-Frame-Option Header
- Default setting support for DENY, SAMEORIGIN or empty (X-Frame-Option header)
- Site-based X-Frame-Option settings
- Page-based X-Frame-Option settings through data template that can be inherited from on pages.
- support for JavaScript based protection (frame breaker)
- automatic browser / feature detection (and fallbacks)
- support for ALLOW-FROM values
- Sitecore 7.0 (but should work with 6.x)
Install via NuGet Gallery
PM> tbd