Search results

X-Frame-Options configuration

X-Frame-Options is used to instruct the browser on whether it should allow or restrict page rendering in a frame, thereby helping to avoid click-jacking attacks by ensuring that your site’s content is not embedded into other sites.

Warning: Please make sure that you are not using iframe based embedding, as it will not work when the X-Frame-Options setting is enabled in Bold Reports.

When X-Frame-Options is enabled in Bold Reports, it uses the X-Frame-Options: SAMEORIGIN response header, which will allow the rendering of pages in frames only to the current domain and restrict them in other domains.

By default, X-Frame-Options are disabled, and no restrictions are applied for rendering pages in a frame. The X-Frame-Options response header won’t be added to the request.

Content Security Policy settings for font

Enabling X-Frame-Options

If you enable X-Frame-Options, the pages will only be rendered in a frame if their ancestor’s domain is the same as the page domain.

Content Security Policy settings for font

Warning: Please make sure that you are not using iframe-based embedding, as it will not work when the X-Frame-Options setting is enabled in Bold Reports. Click iframe-based embedding guide to learn more about iframe-based embedding.

Please provide additional information

Thank you for your feedback and comments.We will rectify this as soon as possible!