Sites are missing the XFRAME OPTIONS header to deny or enforce same origin framing policies

When viewing the web.config for a site, the site is missing the XFRAME OPTIONS header to deny or enforce same origin framing policies
Download and install the latest patch which contains all fixes from previous patches. If you are running an older version, download and install the latest version and then the patch. 

Workaround:  This header can be manually added to the sites web.config file:


<system.webServer>
  ...
 
  <httpProtocol>
    <customHeaders>
      <add name="X-Frame-Options" value="SAMEORIGIN" />
    </customHeaders>
  </httpProtocol>
 
  ...
</system.webServer>

Environment

 Blackbaud CRM
 4.0
 4.0
 Service Pack 9

Was this article helpful?