he following option is available under the Security tab in WHM >> Tweak Settings:

Use X-Frame-Options and X-Content-Type-Options headers with cpsrvd

It defaults to OFF and per it’s description:

Use the X-Frame-Options HTTP response header to indicate whether a browser can render a page in a <frame>, <iframe> or <object> tag. This allows websites to ensure that their contents are not embedded into other sites, to avoid clickjacking attacks.

The server uses the X-Content-Type-Options response HTTP header to indicate that the MIME types in the Content-Type headers should not be changed or followed.

When you enable this option, the system adds the X-Frame-Options header, with a value of SAMEORIGIN, and the X-Content-Type-Options header, with a value of nosniff, to cpsrvd responses.

If you wanted to modify this setting via the command line, you’d use the following command:

whmapi1 set_tweaksetting key=xframecpsrvd value=0

“1” represents ON and “0” represents OFF.

Did this answer your question?