Set Xframe options to prevent embedding third-party websites [Updated in Security Center 1.3]

  • 릴리스 버전: Australia
  • 업데이트 날짜 2026년 03월 12일
  • 소요 시간: 1분

    • Configure this property to prevent the content of a web-application from being embedded in a third-party site.

    If com.glide.cs.embed.xframe_options is not set to the recommended value of DENY or SAMEORIGIN, then content of the web application could be embedded in a third-party site using an ALLOW-FROM uri. Allowing untrusted third-party sites could enable attacks such as clickjacking.

    More information

    Attribute Description
    Configuration name com.glide.cs.embed.xframe_options
    Configuration type System Properties (/sys_properties_list.do)
    Data type string
    Recommended value sameorigin
    Default value sameorigin
    Category Configuration
    Security risk
    • Severity score: 3.1
    • CVSS score: Low
    • Security risk details: Not setting this property to the recommended value could enable the content of a web application to be embedded in a third-party site enabling attacks such as click-jacking.
    Dependencies and prerequisites None