How to configure web interface internals


New Member
Jul 29, 2019
Hi there,

I recently scanned for vulnerabilities on a Proxmox host and discovered a few vulnerabilites with the GUI/Web interface. I was wondering if there is any way to manage the configuration of this web interface for things like X-Frame-Options and HTTPS compression (GZIP/Deflate) so I can resolve some of the issues I've discovered. Apologies if I have missed questions that already answer my questions.

Ah, thank you that helps with the BREACH vulnerability but I was unable to see any mention of anti-clickjacking X-Frame-Options. I will be looking through documentation again but I do not believe I can find any new pages that will have information on this. Should I submit this to the bug tracker?
AFAIR there are no further options - so if you like - please open an enhancement request at for further discussion.

OTOH if you want full control over the web-facing side of PVE I would really suggest putting a nginx/haproxy reverse proxy in front of it and use the pve-firewall to prevent access to port 8006 - this should give you the greatest flexibility.


The Proxmox community has been around for many years and offers help and support for Proxmox VE, Proxmox Backup Server, and Proxmox Mail Gateway.
We think our community is one of the best thanks to people like you!

Get your subscription!

The Proxmox team works very hard to make sure you are running the best software and getting stable updates and security enhancements, as well as quick enterprise support. Tens of thousands of happy customers have a Proxmox subscription. Get yours easily in our online shop.

Buy now!