FortiSOAR Knowledge Base
sramanujam
Staff
Article Id 338548
Description This article describes how to set the X-Frame-Options header, which should be set to either DENY or SAMEORIGIN. This header must be included in every HTTP response to fully protect the website. In some cases, systems running v7.4 may be missing the X-Frame-Options header at the root level.
Scope FortiSOAR v7.4.x.
Solution
Step 1: Log in to the FortiSOAR instance and navigate to the location of the cyops-api.conf file.
 
# cd /etc/nginx/conf.d/
 
Step 2: Open the cyops-api.conf file in a text editor and locate the location block for /cindex.html.
 
# vi cyops-api.conf
location = /cindex.html { 
...
...
}
 
Step 3: Inside the location block, add the add_header directive to set the X-Frame-Options header. The modified block should look something like this:
 
location = /cindex.html {
...
...
add_header X-Frame-Options SAMEORIGIN;
...
...
}
 
Step 4: Save the changes, exit the editor, and restart the Nginx service:
 
# systemctl restart nginx
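
To confirm the change after the restart, the response headers can be checked for one of the two values this article requires. The script below is an added example, not part of the original article or of Fortinet tooling; the function names xfo_verdict and check_url, the host placeholder, and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the X-Frame-Options header found in raw HTTP
# response headers read from stdin. Prints exactly one verdict:
#   ok:DENY | ok:SAMEORIGIN | missing | duplicate | invalid:<value>
xfo_verdict() {
    # Header names are case-insensitive and HTTP/1.1 lines end in CRLF,
    # so strip CR and compare the lower-cased name. The value is taken
    # from the first ":" onward so values containing ":" stay intact.
    xfo_values=$(tr -d '\r' | awk '{
        i = index($0, ":")
        if (i && tolower(substr($0, 1, i - 1)) == "x-frame-options") {
            v = substr($0, i + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            print v
        }
    }')
    if [ -z "$xfo_values" ]; then echo "missing"; return 1; fi
    # More than one header line (for example, set at two layers) needs review.
    if [ "$(printf '%s\n' "$xfo_values" | grep -c .)" -gt 1 ]; then
        echo "duplicate"; return 1
    fi
    case $(printf '%s' "$xfo_values" | tr '[:lower:]' '[:upper:]') in
        DENY)       echo "ok:DENY" ;;
        SAMEORIGIN) echo "ok:SAMEORIGIN" ;;
        *)          echo "invalid:$xfo_values"; return 1 ;;
    esac
}

# Fetch only the response headers of a URL and classify them.
# Usage on the appliance or a management host (placeholder host name):
#   check_url https://<fortisoar-host>/
#   check_url https://<fortisoar-host>/cindex.html
check_url() {
    curl -sI "$1" | xfo_verdict
}

# Constructed sample responses (not captured from a real FortiSOAR host):
# the first lacks the header, the second carries it as configured in Step 3.
printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\n\r\n' | xfo_verdict || true
printf 'HTTP/1.1 200 OK\r\nServer: nginx\r\nX-Frame-Options: SAMEORIGIN\r\n\r\n' | xfo_verdict
```

Running nginx -t before the restart in Step 4 catches a syntax error in the edited file before the service goes down.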