- Topics: Active | Unanswered
#1 2016-10-20 16:15:57
- Todd Shelton
Setting Configure X-Frames Options does not create the correct header
In Adobe Connect (cloud) setting Configure X-Frames Options to SAMEORIGIN does not create the correct HTTP header, which should be X-Frame-Options: SAMEHEADER.
In fact, it appears to have no effect at all.
We need this to work because without this header, our landing pages fail vulnerability testing at one of our customers ( a large software company).
Setting this option restricts IFrames, and SAMEORIGIN restricts them to the same domain.
This is a pretty common security vulnerability, and Connect looks like it has provision for it. Has anyone else run across this and successfully configured it?