Submit a ticketCall us

Training ClassThe Orion® Platform Instructor-led Classes

Provided by SolarWinds® Academy, these trainings will introduce users to the Orion Platform and its features, management, and navigation. These courses are suitable for users looking to discover new tips, tricks, and ways to adapt their Orion products to better suit their monitoring needs:
Deploying the Orion Platform
Configuring Orion views, maps, and accounts
Configuring Orion alerts and reports

Reserve your seat.

Home > Success Center > Network Performance Monitor (NPM) > NPM - Knowledgebase Articles > NPM 11.5 and later prevents an iFrame from displaying within an external web site or a custom web page

NPM 11.5 and later prevents an iFrame from displaying within an external web site or a custom web page


The Orion web configuration is changed in NPM 11.5 as a security measure to prevent Cross-Site Request Forgery (CSRF) and Clickjacking attacks.  As a result, displaying resources on Orion in an a custom web page is not possible.  


  • NPM 11.5  
  • Orion Platform 2015.1.x


The following was added to the web config as a security measure.


X-Same-Domain: 1
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block



  • Consult your System Administrator before performing the following procedure. 
  • The following changes will make the Orion Web Console vulnerable to Cross-Site Request Forgery (CSRF) and Click-jacking attacks.
  • SolarWinds strongly recommends that you only edit the web.cfg file as instructed. Any additional modifications may result in system performance issues or may create an error state.
  • Save a copy of the original web.cfg file to your local drive as a backup file, in case you need to roll back later.


  1. Go to the web folder. By default, it is located at C:\inetpub\SolarWinds.
  2. Open the web.cfg file for editing.
  3. Delete the following key from the file: <add name="X-Frame-Options" value="SAMEORIGIN" />
  4. Click Save.
  5. Press Ctrl+F5 from your web browser. 
Last modified