Set Xframe options to prevent embedding third-party websites [Updated in Security Center 1.3]

リリースバージョン: Australia

更新日 2026年03月12日

所要時間：1分

Configure this property to prevent the content of a web-application from being embedded in a third-party site.

If com.glide.cs.embed.xframe_options is not set to the recommended value of DENY or SAMEORIGIN, then content of the web application could be embedded in a third-party site using an ALLOW-FROM uri. Allowing untrusted third-party sites could enable attacks such as clickjacking.

More information


Attribute	Description
Configuration name	com.glide.cs.embed.xframe_options
Configuration type	System Properties (/sys_properties_list.do)
Data type	string
Recommended value	sameorigin
Default value	sameorigin
Category	Configuration
Security risk	Severity score: 3.1 CVSS score: Low Security risk details: Not setting this property to the recommended value could enable the content of a web application to be embedded in a third-party site enabling attacks such as click-jacking.
Dependencies and prerequisites	None