How to prevent clickjacking on Windows 2012 Server?
Sometime you will get request from security team that windows web server has clickjacking vulnerability. You may apply windows updates however still vulnerability scan show clickjacking.
You can follow below steps to prevent clickjacking:
- Open Internet Information Services (IIS) Manager.
- In the Connections pane on the left side, expand the Sites folder and select the site that you want to protect. e.g. Default web site
- Double-click the HTTP Response Headers icon in the feature list in the middle.
- In the Actions pane on the right side, click Add.