How to stop Password Manager from allowing cross scripting?
For example: Entering the user site URL in a file on the desktop will launch the self-service site. There is a potential security risk if someone was recording the key strokes.
A workaround to the Cross Frame Scripting issue with Password manager use the following steps:
1. Open IIS Manager on the Password Manager server.
2. For each Password manager site you want to disable IFrame feature do the following:
a. Select site
b. Open Feature HTTP Response Headers from IIS area
c. Add ‘X-Frame-Options’ header with value ‘DENY’ (to completely disable) or ‘SAMEORIGIN’ (allow IFrame if both files are on the same server)