Add X-Frame-Options cPanel Ports
Completed
I just went through a PCI scan Feb 28, 2017. TrustWave was dinging ports 2082, 2083, 2087, 2096 for X-Frame-Options which I think should be a value of Deny. I would like to see this header directive added on those ports for various pages they serve up. The associated forum is https://forums.cpanel.net/threads/x-frame-options-cpanel-ports.594731/
This was added in cPanel & WHM Version 68. In WHM:
Server Configuration > Tweak Settings > Security > ‘Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd’
Read more about it in our 82 docs.
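A way to confirm the setting took effect on a port before the next PCI rescan, as an added example that is not cPanel's code or part of the reply above: it audits a captured response head (for instance the output of `curl -sI` against one of the ports) for the two headers the Tweak Setting names. The sample responses are constructed, and the header values cpsrvd actually sends are not stated on this page.

```python
# Added example: audits a captured response head for the two headers the
# WHM Tweak Setting enables. All sample responses here are constructed.
VALID_XFO = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete; browsers ignore it

def parse_head(raw):
    """Map lower-cased header names to the list of values seen for each."""
    headers = {}
    for line in raw.splitlines()[1:]:  # skip the status line
        if not line.strip():
            break  # a blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def audit(raw):
    """Return findings; an empty list means both headers are present and sane."""
    seen = parse_head(raw)
    findings = []
    xfo = [v.upper() for v in seen.get("x-frame-options", [])]
    if not xfo:
        findings.append("X-Frame-Options missing")
    elif len(set(xfo)) > 1:
        findings.append("X-Frame-Options conflicting values: " + ", ".join(xfo))
    elif xfo[0] not in VALID_XFO:
        findings.append("X-Frame-Options unrecognised value: " + xfo[0])
    if "nosniff" not in [v.lower() for v in seen.get("x-content-type-options", [])]:
        findings.append("X-Content-Type-Options is not nosniff")
    return findings

SAMPLE_BEFORE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html>"
SAMPLE_AFTER = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                "x-frame-options: sameorigin\r\n"
                "X-Content-Type-Options: nosniff\r\n\r\n")
SAMPLE_OBSOLETE = ("HTTP/1.1 200 OK\r\n"
                   "X-Frame-Options: ALLOW-FROM https://portal.example.test\r\n"
                   "X-Content-Type-Options: nosniff\r\n\r\n")

if __name__ == "__main__":
    for label, raw in [("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER),
                       ("obsolete", SAMPLE_OBSOLETE)]:
        print(label, audit(raw) or "OK")
```

Run the audit against each of ports 2082, 2083, 2087 and 2096 separately, since the scanner reported them individually.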
This is definitely something we'd like to consider adding, along with support for all modern HTTP security headers, and it's currently on one of our product backlogs. Once any kind of work starts on that, we'll definitely be back to update here.
Our security team requested that we harden the cPanel WHM login page by adding the "x-frame-options sameorigin" header to this page. We opened a support ticket regarding this as it's becoming a requirement on admin login pages; it is not something they can help us with, and they directed us here to request it as a feature.
I would also like this added. Our PCI compliance is failing in this area, and we may have to block these ports completely until it's resolved.
We're in the same boat. This is now causing cPanel servers to fail PCI scans.
Hoping for a timely resolution for this as blocking the cPanel ports is less than ideal.
Same here as well. Great, so this is now a serious issue causing many, many people to fail PCI, and this thread is the sum of actions that cp are taking, i.e. "we'd like to add it".
I have hundreds of cp licences - so this is a headache!
Any updates yet????