    Site Does Not Use Best Practices Against Embedding of Malicious Content

    PM-50814-19-201516

    A best practice to prevent malicious embedding of site content is to add the frame-ancestors directive to the site's Content Security Policy (CSP) HTTP response header. The policy restricts which URLs can embed site content using HTML elements such as <iframe> or <applet>. A CSP header with the frame-ancestors directive is preferable to X-Frame-Options, which is not supported by some browsers. The CSP specification is compatible with most modern browsers and earlier versions. If the HTTP response includes both X-Frame-Options and frame-ancestors, browsers ignore the former as deprecated.

    The recommended “frame-ancestors” header is configured for the ADM console web site. For the repserver site, it is not implemented in this version, for compatibility with older agent versions.
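
A way to check which framing protection a response actually carries, as an added example that is not part of the original article or the product's code. The host names and header values in `SAMPLES` are constructed, and the function names are hypothetical.

```python
# Added example: classify framing protection from HTTP response headers.
# SAMPLES is constructed data, not captured from any real site.

def parse_csp(value):
    """Return {directive: [sources]} for one serialized CSP policy."""
    policy = {}
    for part in value.split(";"):
        tokens = part.split()
        if tokens:
            # Directive names are case-insensitive; the first occurrence wins.
            policy.setdefault(tokens[0].lower(), tokens[1:])
    return policy

def framing_status(headers):
    """Return (status, detail); status is 'csp', 'xfo-only' or 'unprotected'."""
    h = {k.lower(): v for k, v in headers.items()}
    # Only the enforcing header is read; Content-Security-Policy-Report-Only
    # is ignored on purpose. A comma separates several policies in one value.
    policies = [parse_csp(p) for p in h.get("content-security-policy", "").split(",")]
    lists = [p["frame-ancestors"] for p in policies if "frame-ancestors" in p]
    if lists:
        # All policies must allow the embedder, so one restrictive list is enough.
        # Simplification: only the bare "*" wildcard is treated as permissive.
        strict = [s for s in lists if "*" not in s]
        if not strict:
            return ("unprotected", "frame-ancestors allows any origin")
        # An empty source list matches nothing, which is the same as 'none'.
        return ("csp", "frame-ancestors " + (" ".join(strict[0]) or "'none'"))
    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo in ("DENY", "SAMEORIGIN"):
        return ("xfo-only", "X-Frame-Options " + xfo + " without frame-ancestors")
    return ("unprotected", "no effective framing restriction sent")

SAMPLES = {  # constructed responses
    "console.example": {"Content-Security-Policy": "default-src 'self'; frame-ancestors 'self'"},
    "legacy.example": {"X-Frame-Options": "SAMEORIGIN"},
    "open.example": {"Content-Type": "text/html"},
}

def audit(samples):
    """Map each host to its framing status."""
    return {host: framing_status(hdrs)[0] for host, hdrs in samples.items()}

if __name__ == "__main__":
    for host, hdrs in SAMPLES.items():
        print(host, *framing_status(hdrs))
```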