1. Home
  2. Knowledge Base
  3. Server Management
  4. WHMCS Connect shows ‘Refused to Connect’ in iframe – Fix

The following option is available under the Security tab in WHM >> Tweak Settings:

Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd

It defaults to OFF and per it’s description:

Use the X-Frame-Options HTTP response header to indicate whether a browser can render a page in a <frame>, <iframe> or <object> tag. This allows websites to ensure that their contents are not embedded into other sites, to avoid clickjacking attacks.

The server uses the X-Content-Type-Options response HTTP header to indicate that the MIME types in the Content-Type headers should not be changed or followed.

When you enable this option, the system adds the X-Frame-Options header, with a value of SAMEORIGIN, and the X-Content-Type-Options header, with a value of nosniff, to cpsrvd responses.

If you wanted to modify this setting via the command line, you’d use the following command:

whmapi1 set_tweaksetting key=xframecpsrvd value=0

“1” represents ON and “0” represents OFF.

Was this article helpful?

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *