---
title: "X-Frame options"
slug: "x-frame-options"
description: "By enabling the X-Frame options in Document360, your knowledge base can prevent itself from embedding in an iframe on an external domain."
updated: 2026-03-31T09:12:00Z
published: 2026-03-31T09:12:00Z
---

> ## Documentation Index
> Fetch the complete documentation index at: https://docs.document360.com/llms.txt
> Use this file to discover all available pages before exploring further.

# X-Frame options

**X-Frame options** allow you to control whether your Knowledge base can be embedded in `&lt;frame&gt;, &lt;iframe&gt;`, `&lt;embed&gt;`, or `&lt;object&gt;` tags on other domains. This feature provides an additional layer of security by preventing malicious websites from embedding your Knowledge base using the above tags.

> [!NOTE]
> ** NOTE
> 
> Ensure that you are not using iframe-based embedding for unauthorized domains, as it will be blocked when the X-Frame options setting is enabled.

---

## Access X-Frame options

![Settings page showing options for X-Frame and content security policy configurations.](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/Screenshot-Enable_xframe_options.png)

1. Hover on **Settings**(**) in the left navigation bar in the **Knowledge base portal**.
2. In the sub-menu, select **Knowledge base site** and navigate to**Security**.

This section contains controls for various security settings.
3. Locate the toggle labeled **Enable X-Frame options** and switch it on to restrict iframe embedding from external domains.

For example, if your knowledge base domain is `help.example.com` and you want to prevent other sites like `support.test.com` from embedding your content via iframes, ensure the **Enable X-Frame options** toggle is turned on.

![2_Screenshot-XFrame_options_before_after](https://cdn.document360.io/860f9f88-412e-4570-8222-d5bf2f4b7dd1/Images/Documentation/2_Screenshot-XFrame_options_before_after.png)

---

### FAQ

#### What is an iframe?

An iframe, also known as an inline frame, is an HTML element that allows web developers to embed another HTML document within the current document. The content within an iframe is a separate web page displayed within a specific section of another web page. Due to its ability to embed external content, managing iframe usage with security settings such as X-Frame options is crucial to prevent security risks like clickjacking.

#### What are the embedded tags that I can restrict with the X-Frame options?

The X-Frame options setting allows you to control whether your knowledge base can be embedded in `&lt;frame&gt;`, `&lt;iframe&gt;`, `&lt;embed&gt;`, or `&lt;object&gt;` tags on external domains.

#### Why are X-Frame options important?

The X-Frame options are vital for security as they help prevent clickjacking attacks, where an attacker embeds your knowledge base in a malicious website. This embedding tricks users into performing unintended actions. Enabling X-Frame options ensures your knowledge base cannot be embedded on external domains, safeguarding user interactions.

#### How can I configure the X-Frame options for my knowledge base?

1. Hover on **Settings**(**) in the left navigation bar in the **Knowledge base portal**.
2. In the sub-menu, select **Knowledge base site** and navigate to**Security**.
3. Locate the toggle labeled **Enable X-Frame options** and switch it on to prevent your knowledge base from being embedded on unauthorized external domains.

#### How can I test if my X-Frame options are working?

You can test if your X-Frame options are correctly configured by:

1. Using your browser’s developer tools and checking the **Network** tab to inspect response headers for the **X-Frame-Options** setting.
2. Using third-party services like [securityheaders.com](http://securityheaders.com) to verify that the correct X-Frame-Options header is applied.

#### What are the potential risks of not using X-Frame options?

If the X-Frame options are not enabled for your knowledge base, it may be embedded in an iframe on another website without your authorization. This lack of control exposes your site to clickjacking attacks, where attackers overlay invisible or misleading elements over your interface to trick users into performing unintended actions, such as divulging passwords or clicking on malicious links. Such vulnerabilities can compromise user security and potentially lead to data breaches.

#### What is clickjacking?

Clickjacking, also known as UI redressing or UI masking, is a malicious technique where attackers trick users into clicking on a button or link that is hidden or obscured within a web page or application. This is often achieved by overlaying a transparent layer with deceptive elements over a legitimate website or application. Users may think they are interacting with the actual site, but in reality, they are engaging with elements controlled by the attacker. Such interactions can lead to adverse outcomes, like downloading malware, making unauthorized purchases, or inadvertently sharing sensitive information. Utilizing security settings like X-Frame options can help protect against such attacks by preventing unauthorized embedding of your content.

#### What is a malicious website?

A malicious website is a site designed to cause harm to visitors or their devices. These sites may trick visitors into downloading malware, stealing personal information, or engaging in fraudulent activities. Using X-Frame options helps prevent your content from being embedded on such sites, enhancing your security measures against these risks.

An online library where users can find information about a product, service, department, or topic. It helps users self-serve by providing answers and guidance.