Configuring Clickjacking Protection

To configure clickjacking protection:

1. From the Partition and Departments dropdown menu, go to the partition space.

2. In the Navigation menu, browse to Security > Access Restrictions > Clickjacking Protection.

3. On the Properties page, select one of the following clickjacking protection options:

   • Allow framing by the same origin only: Enable this setting to allow a page to be displayed in an iframe on a website having the same domain. This setting is selected by default.

   • Allow framing by any page: Enable this setting to allow the applications to be embedded in an iframe on any website. Note that this option lowers the defense of a website against clickjacking attacks.

   • Don’t allow framing by any page: Enable this setting to prevent any website from embedding the applications in an iframe.

   • Allow framing of site from external domains and by same origin: Enable this setting to allow the applications to be embedded in an iframe for trusted domains only. The same origin clickjacking protection is also enabled with this option. After enabling this option, the following fields appear:

     • Enter Website URL: Click the Enter Website URL button. Provide the domains in the given field of the Enter Website URL window, and click Done to add it into the list of Allowed Websites. If you are accessing the application with a port, then provide the port number along with the domain. for example, https://purplenile.services.com:9001

     • Allowed Websites: It is a list of all the domains on which the user can embed the applications. 

   

4. Click the Save button.

Related Topics

• Clickjacking Protection

• Deleting Customer External Domains