Add X-Frame-Options cPanel Ports

Denver Prophit Jr. shared this idea 3 months ago
Open Discussion

I just went through a PCI scan Feb 28, 2017. TrustWave was dinging ports 2082, 2083, 2087, 2096 for X-Frame-Options which I think should be a value of Deny. I would like to see this header directive added on those ports for various pages they serve up. The associated forum is https://forums.cpanel.net/threads/x-frame-options-cpanel-ports.594731/

Comments (6)

2

This is definitely something we'd like to consider adding, along with support for all modern HTTP security headers, and it's currently on one of our product backlogs. Once any kind of work starts on that, we'll definitely be back to update here.

2

NICE! Such as HSTS if service SSL has valid CA? That would be nice! =)

1

Our security team requested that we harden the cPanel WHM login page by adding the "x-frame-options sameorigin" header to this page. We opened a support ticket regarding this as it's becoming a requirement on admin login pages; it is not something they can help us with, and they directed us here to request it as a feature.

1

I would also like this added. Our PCI compliance is failing in this area, and may have to block these ports completely until it's resolved.

1

We're in the same boat. This is now causing cPanel servers to fail PCI scans.

Hoping for a timely resolution for this as blocking the cPanel ports is less than ideal.
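
For checking the ports named in this thread (2082, 2083, 2087, 2096) ahead of a rescan, here is an added example that is not part of the original thread or cPanel's own code. It classifies a response's X-Frame-Options header, accepting the DENY and SAMEORIGIN values the posters ask for; the function names and sample headers are constructed for illustration.

```python
import http.client
import sys

# Ports from the thread. 2082 is cPanel's non-TLS port; the other three use TLS.
PORTS = {2082: False, 2083: True, 2087: True, 2096: True}
ACCEPTED = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete in current browsers

# Constructed sample responses (not captured from a real server).
SAMPLES = {
    "missing": [("Content-Type", "text/html")],
    "deny": [("X-Frame-Options", "DENY")],
    "conflict": [("X-Frame-Options", "DENY"), ("X-Frame-Options", "SAMEORIGIN")],
    "obsolete": [("X-Frame-Options", "ALLOW-FROM https://example.com")],
}


def assess_xfo(headers):
    """Return (verdict, detail) for a list of (name, value) response headers."""
    values = []
    for name, value in headers:
        if name.strip().lower() == "x-frame-options":
            # Repeated headers may arrive comma-joined; split them back out.
            values += [v.strip().upper() for v in value.split(",") if v.strip()]
    if not values:
        return "fail", "header missing"
    if len(set(values)) > 1:
        return "fail", "conflicting values: " + ", ".join(sorted(set(values)))
    if values[0] not in ACCEPTED:
        return "fail", "unsupported value: " + values[0]
    return "pass", values[0]


def fetch_headers(host, port, tls, timeout=5):
    """GET / without following redirects and return the response headers."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=timeout)
    try:
        conn.request("GET", "/")
        return conn.getresponse().getheaders()
    finally:
        conn.close()


if __name__ == "__main__" and len(sys.argv) > 1:
    for port, tls in PORTS.items():
        try:
            print(port, *assess_xfo(fetch_headers(sys.argv[1], port, tls)))
        except (OSError, http.client.HTTPException) as exc:
            print(port, "error", exc)
```

Run it with your own server's hostname as the only argument. A TLS port with a certificate that does not validate is reported as an error rather than assessed.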