Symantec Access Management

  • 1.  x-frame-options

    Posted Oct 06, 2015 04:52 PM

    Is there any way to set the x-frame-options response header with the response for login.fcc without doing it at the load balancer or a custom IIS handler/module?



  • 2.  Re: x-frame-options

    Posted Oct 06, 2015 05:24 PM

    In looking up a parameter there was a spelling dispute on, I recently found a new one that covers this.

     

    Help Prevent Attacks - CA SiteMinder® - 12.52 SP1 - CA Technologies Documentation



  • 3.  Re: x-frame-options

    Posted Oct 07, 2015 11:20 AM

    Hi Josh,

     

    Thanks for your quick response.

     

    I added XFrameOptions='SAMEORIGIN' to my ACO but I don't see an X-Frame-Options response header when I request login.fcc. I also tried XFrameOptions='YES'.

     

    Do you know if the XFrameOptions Agent Parameter is actually supported with Web Agent Version R12.0 SP3 CR12?

     

    We're still on Windows 2003 and it looks like R12.0 SP3 CR1x is the last version supported on Win2k3.  (I know this configuration is no longer supported and we're working on upgrading to Windows 2012 with R12.52 SP1 CR02).

     

    I see XFrameOptions described in the Help Prevent Attacks section of the Web Agent Configuration Guide for R12.0 SP3 (with yes/no as the incorrect parameter values). However, XFrameOptions is not listed in the Agent Parameters section.

     

    In the R12.5 Documentation it is described correctly and is in Agent Parameters.

     

    Thanks again for your help,

     

    Jim Marsen
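
The check described in the post above, as an added example that is not part of the original thread and is not CA/Symantec code: it parses a raw HTTP response (for instance saved `curl -si` output for login.fcc) and reports whether a usable X-Frame-Options header is present. The function names and the sample responses are constructed for illustration.

```python
VALID_XFO = {"DENY", "SAMEORIGIN"}  # ALLOW-FROM is obsolete; current browsers ignore it

def parse_headers(raw_response):
    """Return (lowercased name, value) pairs from a raw HTTP response's header block."""
    head = raw_response.replace("\r\n", "\n").split("\n\n", 1)[0]
    pairs = []
    for line in head.split("\n")[1:]:  # first line is the status line
        name, sep, value = line.partition(":")
        if sep:
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def check_xfo(raw_response):
    """Return (ok, reason); ok is True only when one recognized directive is sent."""
    values = [tok.strip().upper()
              for name, value in parse_headers(raw_response)
              if name == "x-frame-options"
              for tok in value.split(",")]  # repeated headers may arrive comma-joined
    if not values:
        return False, "no X-Frame-Options header"
    if len(set(values)) > 1:
        # Differing directives are a misconfiguration; flag it rather than guess the outcome
        return False, "conflicting X-Frame-Options values: " + ", ".join(values)
    if values[0] not in VALID_XFO:
        # Browsers ignore values they do not recognize, so the page stays frameable
        return False, "unrecognized X-Frame-Options value: " + values[0]
    return True, "X-Frame-Options " + values[0]

# Constructed sample responses (not captured from a real Web Agent)
SAMPLES = {
    "header missing": "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>",
    "value YES": "HTTP/1.1 200 OK\r\nX-Frame-Options: YES\r\n\r\n<html></html>",
    "value SAMEORIGIN": "HTTP/1.1 200 OK\r\nx-frame-options: SAMEORIGIN\r\n\r\n<html></html>",
    "set twice": "HTTP/1.1 200 OK\r\nX-Frame-Options: DENY\r\n"
                 "X-Frame-Options: SAMEORIGIN\r\n\r\n<html></html>",
}

if __name__ == "__main__":
    for label, raw in SAMPLES.items():
        print(label, "->", check_xfo(raw))
```

The "set twice" case covers a header added both by the agent and by a load balancer or IIS module in front of it.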



  • 4.  Re: x-frame-options

    Posted Oct 07, 2015 02:48 PM

    Would need CA to tell us when it was added.

    However, it's new to me, as in added after I left, so not likely in r12.0.