Views:

Applies to Product - Power Pages


What’s happening?
The customer is experiencing issues when running the Site Checker on their websites, where the status indicates a failure due to vulnerabilities identified by a preliminary vulnerability analysis tool.


Reason:
The underlying cause of this appears to be related to the configuration settings, specifically the HTTP/X-Frame-Options settings, which may not be correctly set.


Resolution:

  1. Disable the X-Frame-Options by accessing the Power Apps maker and ensuring the correct environment with the portal provisioned is selected.
  2. In the Apps list, select All and then choose the Power Management app to open it.
  3. Set the HTTP/X-Frame-Options value to None and select Save.
  4. Restart the portal:
  5. Sign in to the Microsoft Power Platform admin center.
  6. Expand Resources in the left pane and select Power Admin.
  7. Choose the target website name and select Site Actions, then Shut down this site.
  8. After stopping, select Site Actions again and choose Start this site.
  9. Run the Site Checker again:
  10. Open Power Admin and click the Run button in the Site Checker.
  11. If there are warnings related to HTTP/X-Frame-Options, expand the message for more details.
  12. If necessary, enable the X-Frame-Options by setting the value to SAMEORIGIN and recheck the site from the Power Platform admin center.