Protection against Clickjacking

Clickjacking (also known as a "UI redress attack") is a malicious technique intended to trick a user into clicking something different to what they think they are clicking.

Plesk users can be vulnerable to this type of attack when Plesk is opened within frames (separate areas of web pages) on other (malicious) sources.

To protect Plesk from clickjacking, add the following lines to the panel.ini file:

sameOriginOnly = true

The sameOriginOnly setting allows you to prevent Plesk pages from opening within frames on other domains.

Note: By default, this setting is switched off (has the false value) because it can compromise Plesk integration with other systems in which Plesk is opened in the system's frames.


Leave your feedback on this topic here

If you have questions or need support, please visit the Plesk forum or contact your hosting provider.
The comments below are for feedback on the documentation only. No timely answers or help will be provided.