How to enable Protection against Clickjacking in Plesk Onyx

Clickjacking (also known as a "UI redress attack") is a malicious technique intended to trick a user into clicking on something different from they perceive they are clicking on.Plesk users can be vulnerable to such type of attack when Plesk is opened within frames (separate areas of web pages) on other (malicious) sources. To protect Plesk from clickjacking, you can use the sameOriginOnly setting in the panel.ini file. This setting allows to prevent Plesk pages from opening within frames on other domains.

For Linux –

  1. Login to your Plesk onyx server with root user with your favorite ssh client

  2. Edit the file “panel.ini” file located at “/usr/local/psa/admin/conf” with the command

    nano /usr/local/psa/admin/conf/panel.ini


  1. If the file does not exist create it with “touch” command.

  1. Add the following line in /conf file

    [security]

    sameOriginOnly = true



  1. Save the file and you are done.