Security Subtab
These settings configure security headers to control whether your site’s pages can be rendered in a frame and, if so, by what domains.
Allow Site to Be Framed
This string specifies whether pages can be rendered in a frame. Possible values include:
-
Disallow Framing – Allow pages to be rendered in a frame only by your own domain, which is the same origin. This is the default setting.
-
Allow Framing – Allow pages to be rendered in a frame by any domain/origin.
-
Allow Framing Custom –Specify the domains/origins that are allowed to render pages in a frame. Enter the origins you want to allow in the Allow Site to Be Framed By list.
ID |
security.allowFraming |
UI location |
Advanced > Security |
JSON file |
SecurityHeaders.json |
Allow Site to Be Framed By
This array defines the origins that you want to allow to render pages in a frame. By default, SAMEORIGIN is included so pages can be rendered in a frame by your own domain.
ID |
security.allowFramingBy |
UI location |
Advanced > Security |
JSON file |
SecurityHeaders.json |
Add Headers to SSP Responses
This array specifies the security headers you want to use to pass additional information with an HTTP or HTTPS response. The array contains the following properties:
-
Name (string) – Name of the HTTPS header. This is not case sensitive.
-
Value (string) – Value of the HTTPS header.
ID |
security.headers |
UI location |
Advanced > Security |
JSON file |
SecurityHeaders.json |
See the SuiteCloud Platform help topic, HTTPS Header Information, for more information.