Set Xframe options to prevent embedding third-party websites [Updated in Security Center 1.3]

Configure this property to prevent the content of a web-application from being embedded in a third-party site.

If com.glide.cs.embed.xframe_options is not set to the recommended value of DENY or SAMEORIGIN, then content of the web application could be embedded in a third-party site using an ALLOW-FROM uri. Allowing untrusted third-party sites could enable attacks such as clickjacking.

More information

AttributeDescription
Configuration name com.glide.cs.embed.xframe_options
Configuration type System Properties (/sys_properties_list.do)
Data type string
Recommended value sameorigin
Default value sameorigin
Category Configuration
Security risk
  • Severity score: 3.1
  • CVSS score: Low
  • Security risk details: Not setting this property to the recommended value could enable the content of a web application to be embedded in a third-party site enabling attacks such as click-jacking.
Dependencies and prerequisites None