Rule Name | Enabled? | Description |
Login Page Deny Non Same-Origin Framing | Yes | This rule guards against cross-site scripting and clickjacking attacks on the Login page by implementing the X-Frame-Options HTTP response header. This header indicates whether or not a browser should be allowed to render a page in a <frame> or <iframe>, thus ensuring that content is not embedded into other sites. The key/value pair is: X-Frame-Options SAMEORIGIN The page can only be displayed in a frame of the same origin as the page itself. |
Login Page Deny All Framing | No | This is a more stringent Login page anti-cross-site scripting and clickjacking rule. The key/value pair is: X-Frame-Options DENY In this case, the page cannot be displayed in a frame, regardless of the site attempting to do so. |
IE - parameter for compatibility mode | Yes | This setting sets the standard document type for Internet Explorer in rendering HTML pages. The default value is IE8. |