Versions Compared


  • This line was added.
  • This line was removed.
  • Formatting was changed.


As a value, you can enter any alias path. All documents under this path will be excluded from the protection. You can specify multiple paths divided by a semicolon (;). Entering "/" turns off the protection altogether.

Special cases where the X-frame-options header is not included

There are a few special cases where this particular protection is disabled by the system.

These cases include preview modes of objects (for example, transformations) which can be displayed in the context of different websites and different domains. To display the previews of these objects properly, Kentico does not include the X-frame-options header in such pages. Therefore, to maintain the security protection against clickjacking, Kentico adds a special clickjacking hash to the URL of the particular frame. The content of the frame is displayed only if hash validation is successful. Otherwise the data is considered malicious and the content from the different domain is not rendered.