
Posted: May 10, 2017
Last activity: 23 May 2017 14:27 EDT
I need help protecting a Pega application from clickjacking attacks. Please let me know if you have information. Thank you.
Accepted Solution
Hi Praveen,
Can you please let us know which PRPC version you are using?
Starting from PRPC 7.2.1, you can find the DSS with the setting purpose Http/ResponseHeaders to add or modify custom headers, where you can add the X-FRAME-OPTIONS header in the PRPC application and provide the value based on your security needs.
You can refer to the following link on how to add the custom headers:
Hi Praveen,
The X-FRAME-OPTIONS header needs to be configured on your application server to insert it into every HTML stream returned to the client.
7.2.1 version.
Starting from Pega 7.2.2, Content Security Policy rule types can be used to avoid clickjacking (through the "frame-ancestors" directive). Details on CSP can be found here.