Key questions about this property
The answers below summarize the purpose, scope, default effect, and review scenarios for this property.
| What does it do? |
It configures the X-Frame-Options header to enhance security by controlling frame embedding for UI pages. |
| What area does it affect? |
UI security settings |
| What does the default mean? |
The default value is "true", which means this behavior is enabled by default. |
| When should you review it? |
Review this property when assessing security measures against clickjacking vulnerabilities. |
Out of the box property record
Raw metadata from the property record.
| Property name |
glide.set_x_frame_options |
| Sys ID |
6a80a123ff2010003061fe51c17f9dc6 |
| Type |
boolean |
| Application |
Global |
| Default value |
true |
| Description |
Enable this property to set the X-Frame-Options response header to SAMEORIGIN for all UI pages. The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame> or <iframe>. Sites can use this to avoid clickjacking attacks, by ensuring that their content is not embedded into other sites.
https://developer.mozilla.org/en/the_x-frame-options_response_header |
| Updated |
2024-05-25 05:04:13 |
Sources
Official references and nearby text excerpts where this property appears.
Context preview
Snippet 1
... current case, X- Frame-Options header controls whether or not ServiceNow application can be rendered on the 3rd party website, and thus to reduce sensitive Either update the value of the glide.set_x_frame_options system property to true OR insert this system property with a value of true. Documentation © 2026 ServiceNow, Inc. All rights reserved. ServiceNow, the ServiceNow logo, Now, and other ServiceNow ...
Context preview
Snippet 2
... | false • Default: true • Location: System Property [sys_properties] table glide.service_portal.search_as_you_type_behavior Select search suggestions (Suggestions) or type-ahead functionality (Typeahead). For more information about search suggestions, see Enable search suggestions. glide.set_x_frame_options Enables (true) or disables (false) the X-Frame-Options response header to SAMEORIGIN for all UI pages. The X-Frame-Options HTTP response header can be used to indicate whether a browser should be ...
Context preview
Snippet 3
... should not access to the dashboard. Implement the x-frame-options: SAMEORIGIN security header • Description ◦(Old <blank> ◦(New The following property controls the implementation of the security header X-Frame-Options: SAMEORIGIN. If "glide.set_x_frame_options" is not set to the recommended value of "true", then an instance will be allowed to be framed in an iframe of another page. • Security Risk ◦(Old <blank> ◦(New ...
Context preview
Snippet 4
... header Normally, the ServiceNow AI Platform automatically includes the X-Frame-Options: SAMEORIGIN header. • It supports use of this header in all types of browsers, based on the setting of the glide.set_x_frame_options global property, which is enabled by default. • When you configure a page with a Content-Security-Policy: frame-ancestor 'self' URL1 URL2 header, the ServiceNow AI Platform does not automatically include the ...
Related properties