Set Xframe options to prevent embedding third-party websites [Updated in Security Center 1.3]
-
- UpdatedFeb 1, 2024
- 1 minute read
- Vancouver
- Now Platform Security
The Vancouver release is no longer supported. As such, the product documentation and release notes are provided for informational purposes only, and will not be updated.
Set Xframe options to prevent embedding third-party websites [Updated in Security Center 1.3]
Configure this property to prevent the content of a web-application from being embedded in a third-party site.
If com.glide.cs.embed.xframe_options is not set to the recommended value of DENY or SAMEORIGIN, then content of the web application could be embedded in a third-party site using an ALLOW-FROM uri. Allowing untrusted third-party sites could enable attacks such as clickjacking.