Submit a ticketCall us

Solarwinds & Cisco Live! Barcelona
Join us from the 29th of January to the 2nd of February at Cisco Live 2018 in Barcelona, where we will continue to show how monitoring the network with SolarWinds will keep you ahead of the game. At our booth (WEP 1A), we will demonstrate how SolarWinds network solutions can help. As a bonus, we are also hosting a pre-event webinar - Blame the Network, Hybrid IT Edition with our SolarWinds Head Geek™, Patrick Hubbard on January 24th - GMT (UTC+0): 10:00 a.m. to 11:00 a.m. There's still time to RSVP.

Home > Success Center > Network Performance Monitor (NPM) > NPM 11.5 and later prevents an iFrame from displaying within an external web site or a custom web page

NPM 11.5 and later prevents an iFrame from displaying within an external web site or a custom web page


The Orion web configuration is changed in NPM 11.5 as a security measure to prevent Cross-Site Request Forgery (CSRF) and Clickjacking attacks.  As a result, displaying resources on Orion in an a custom web page is not possible.  


  • NPM 11.5  
  • Orion Platform 2015.1.x


The following was added to the web config as a security measure.


X-Same-Domain: 1
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block



  • Consult your System Administrator before performing the following procedure. 
  • The following changes will make the Orion Web Console vulnerable to Cross-Site Request Forgery (CSRF) and Click-jacking attacks.
  • SolarWinds strongly recommends that you only edit the web.cfg file as instructed. Any additional modifications may result in system performance issues or may create an error state.
  • Save a copy of the original web.cfg file to your local drive as a backup file, in case you need to roll back later.


  1. Go to the web folder. By default, it is located at C:\inetpub\SolarWinds.
  2. Open the web.cfg file for editing.
  3. Delete the following key from the file: <add name="X-Frame-Options" value="SAMEORIGIN" />
  4. Click Save.
  5. Press Ctrl+F5 from your web browser. 
Last modified