Property reference

com.glide.cs.embed.xframe_options

The com.glide.cs.embed.xframe_options property defines the X-Frame-Options header value sent when the Virtual Agent and Live Agent chat are embedded in iframes. The header tells the browser which sites may frame the chat, so this value decides whether the chat can be displayed inside other web applications.

Default: sameorigin
Type: string
Application: Global

Key questions about this property

The answers below summarize the purpose, scope, default effect, and review scenarios for this property.

What does it do? This property sets the X-Frame-Options header to control iframe embedding behavior for chat services, with a default value of 'sameorigin' to prevent clickjacking.
What area does it affect? Chat embedding security
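What does the default mean? The default value is "sameorigin": the browser renders the chat in a frame only when the framing page is on the same origin as the chat. This is the baseline setting used unless it is changed.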
When should you review it? Review this property when configuring chat integrations or addressing security concerns related to iframe usage.

Out of the box property record

Raw metadata from the property record.

Property name: com.glide.cs.embed.xframe_options
Sys ID: 5f84619273522300e985658b4cf6a7ad
Type: string
Application: Global
Default value: sameorigin
Description: A string which contains the embedded VA and Live Agent X-Frame-Options header value for allowing iframe embeds of the chat.
Updated: 2024-05-25 04:01:46

Sources

Official references and nearby text excerpts where this property appears.

Documentation excerpt, snippet 1
... the full redirect URLs or the host part of the URL, such as https://example.com. This procedure requires that you set values for the following two system properties:
• com.glide.cs.embed.csp_frame_ancestors
• com.glide.cs.embed.xframe_options (IE 11 only)
These properties determine the security policy for the embedded chat widget, namely how browsers render and secure HTML content for Virtual Agent and Live Agent chat, in ...
Documentation excerpt, snippet 2
... increases the risk of session hijacking, as attackers could reuse session identifiers to gain unauthorized access.
Set Xframe options to prevent embedding third-party websites
• Description
  ◦ Old: <blank>
  ◦ New: If "com.glide.cs.embed.xframe_options" is not set to the recommended value of "DENY" or "SAMEORIGIN", then content of the web application could be embedded in a third-party site using an ALLOW-FROM URI. ...
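
The check below is an added example, not the platform's own code: it audits a response's X-Frame-Options value against the DENY/SAMEORIGIN recommendation quoted in snippet 2 and looks for the Content-Security-Policy frame-ancestors directive that snippet 1 pairs with it. The function names and the sample header values are assumptions constructed for illustration.

```python
# Added example: audit framing headers of an embedded-chat response (sample values are constructed).

def classify_xfo(value):
    """Return (status, detail) for an X-Frame-Options value."""
    if value is None or not value.strip():
        return "missing", "no X-Frame-Options header"
    parts = value.strip().split(None, 1)
    directive = parts[0].upper()
    if directive in ("DENY", "SAMEORIGIN") and len(parts) == 1:
        return "ok", directive
    if directive == "ALLOW-FROM" and len(parts) == 2:
        return "review", "ALLOW-FROM " + parts[1] + " permits third-party framing"
    return "invalid", "unrecognized value: " + value.strip()


def frame_ancestors(csp):
    """Return the frame-ancestors source list from a CSP header, or None."""
    for directive in (csp or "").split(";"):
        tokens = directive.split()
        if tokens and tokens[0].lower() == "frame-ancestors":
            return tokens[1:]
    return None


def audit(headers):
    """Return a list of findings for one response's headers (dict)."""
    h = {k.lower(): v for k, v in headers.items()}
    findings = []
    status, detail = classify_xfo(h.get("x-frame-options"))
    if status != "ok":
        findings.append("x-frame-options: " + detail)
    sources = frame_ancestors(h.get("content-security-policy"))
    if sources is None:
        findings.append("csp: no frame-ancestors directive")
    else:
        broad = [s for s in sources if s in ("*", "http:", "https:")]
        if broad:
            findings.append("csp: frame-ancestors too broad: " + " ".join(broad))
    return findings

# Constructed sample responses.
DEFAULT = {"X-Frame-Options": "sameorigin",
           "Content-Security-Policy": "frame-ancestors 'self' https://example.com"}
WEAK = {"X-Frame-Options": "ALLOW-FROM https://example.com",
        "Content-Security-Policy": "default-src 'self'"}

if __name__ == "__main__":
    for name, sample in (("default", DEFAULT), ("weak", WEAK)):
        print(name, audit(sample) or "no findings")
```

Browsers that enforce frame-ancestors ignore X-Frame-Options when both are present, which is why a missing frame-ancestors directive is reported separately from the X-Frame-Options value.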