Set Xframe options to prevent embedding in third-party websites

  • Release version: Australia
  • Updated March 12, 2026
  • Configure this property to prevent the content of a web application from being embedded in a third-party site.

    If the com.glide.cs.embed.xframe_options system property is not set to the recommended value of DENY or SAMEORIGIN, the content of the web application could be embedded in a third-party site using an ALLOW-FROM URI.

    Ensure the property com.glide.cs.embed.xframe_options is set to DENY or SAMEORIGIN.

    More information

    Attribute                       Description
    Configuration name              com.glide.cs.embed.xframe_options
    Configuration type              System Properties (/sys_properties_list.do)
    Data type                       String
    Recommended value               DENY or SAMEORIGIN
    Default value                   <none>
    Fallback value                  <empty>
    Category                        Configuration
    Security risk                   • Severity score: 3.1
                                    • CVSS score: Low
                                    • Security risk details: Allowing untrusted third-party sites could enable attacks such as clickjacking.
    Dependencies and prerequisites  None
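
The following check is an added example, not code from the product or its documentation. It classifies a value of com.glide.cs.embed.xframe_options, or an X-Frame-Options response header, against the recommended values. The function names, the sample headers and the assumption that the property value appears as the X-Frame-Options header are illustrative.

```javascript
// Added example. Assumption: the property value is what ends up in the
// X-Frame-Options response header; names and sample data are hypothetical.
const RECOMMENDED = new Set(["DENY", "SAMEORIGIN"]);

// Classify a single property or header value.
function auditXFrameValue(raw) {
  const value = String(raw ?? "").trim();
  if (value === "") {
    return { compliant: false, finding: "unset", detail: "no framing restriction configured" };
  }
  const upper = value.toUpperCase();
  if (RECOMMENDED.has(upper)) {
    return { compliant: true, finding: "ok", detail: upper };
  }
  // ALLOW-FROM carries a URI argument, e.g. "ALLOW-FROM https://partner.example".
  const m = /^ALLOW-FROM(?:\s+(\S+))?$/i.exec(value);
  if (m) {
    return { compliant: false, finding: "allow-from", detail: m[1] || "(no URI given)" };
  }
  return { compliant: false, finding: "unrecognized", detail: value };
}

// Audit a response-header map. Header names are case-insensitive, and a header
// sent more than once is modelled here as an array of values.
function auditResponseHeaders(headers) {
  const values = [];
  for (const [name, v] of Object.entries(headers)) {
    if (name.toLowerCase() === "x-frame-options") values.push(...[].concat(v));
  }
  if (values.length === 0) return [auditXFrameValue("")];
  return values.map(auditXFrameValue);
}

// Constructed sample inputs (not captured from a real instance).
const SAMPLES = {
  hardened: { "X-Frame-Options": "SAMEORIGIN" },
  partner: { "x-frame-options": "ALLOW-FROM https://partner.example" },
  missing: { "Content-Type": "text/html" },
};

for (const [label, headers] of Object.entries(SAMPLES)) {
  for (const r of auditResponseHeaders(headers)) {
    console.log(`${label}: ${r.compliant ? "PASS" : "FAIL"} (${r.finding}: ${r.detail})`);
  }
}
```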