Clickjacking protection in IIS7
Configure IIS to prevent Clickjacking
Follow the steps to do this
- Open Internet Information Services (IIS) Manager.
- In the Connections pane on the left side, expand the Sites folder and select the site that you want to protect.
- Double-click the HTTP Response Headers icon in the feature list in the middle.
- In the Actions pane on the right side, click Add.
- In the dialog box that appears, type X-Frame-Options in the Name field and type SAMEORIGIN in the Value field.
- Click OK to save your changes.
If you get a permission issue when adding the entry you need to change permissions on the file. As per link below.
https://jwcooney.com/2014/05/22/iis-cannot-write-configuration-file-due-to-insufficient-permissions/
Good point! Thanks for the link.