X-Frame-Options
The X-Frame-Options header is used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, or <object>. Sites can use this to avoid clickjacking attacks by ensuring that their content is not embedded into other sites.
Configuring X-Frame-Options in the Grid
Clickjacking protection is configured by using Grid properties. See the Infor ION Grid Administration Guide for details on configuring Grid properties.
- grid.http.frameOptionsEnabled – This property defines whether the X-Frame-Options header should be sent or not.
- grid.http.frameOptionsWhiteList – This property is a list of domains that should be allowed to render the page. If X-Frame-Options is enabled and this property is not set or empty, the header will have the value SAMEORIGIN.
To learn about X-Frame-Options, see https://tools.ietf.org/html/rfc7034
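To confirm the effect of these properties, the header values a Grid endpoint returns can be classified against RFC 7034. The following is an added example, not Infor code: the function name, status labels and sample headers are constructed for illustration, and the page does not state what value the Grid sends when the whitelist is populated, so the check simply classifies whatever value is present.

```python
"""Classify X-Frame-Options response headers per RFC 7034 (added example)."""

FIXED_VALUES = {"DENY", "SAMEORIGIN"}


def audit_frame_options(headers):
    """headers: list of (name, value) pairs taken from an HTTP response.

    Returns (status, detail) where status is one of:
    'missing', 'ok', 'legacy', 'conflict', 'invalid'.
    """
    # Header names are case-insensitive and the header may be repeated.
    raw = [v for n, v in headers if n.lower() == "x-frame-options"]
    if not raw:
        return "missing", "no X-Frame-Options header present"

    # Intermediaries may fold repeated headers into one comma-separated value.
    values = [p.strip() for v in raw for p in v.split(",") if p.strip()]
    if not values:
        return "invalid", "header present but empty"

    distinct = {v.upper() for v in values}
    if len(distinct) > 1:
        return "conflict", "different values sent: " + ", ".join(sorted(distinct))

    value = values[0]
    parts = value.split(None, 1)  # directive, optional origin
    directive = parts[0].upper()

    if directive in FIXED_VALUES and len(parts) == 1:
        return "ok", directive
    if directive == "ALLOW-FROM":
        if len(parts) != 2:
            return "invalid", "ALLOW-FROM without an origin"
        # Defined in RFC 7034, but current major browsers ignore this
        # directive, so it should not be relied on as the only control.
        return "legacy", "ALLOW-FROM " + parts[1]
    return "invalid", "unrecognized value: " + value


if __name__ == "__main__":
    # Constructed sample: frameOptionsEnabled on, whitelist empty.
    sample = [("Content-Type", "text/html"), ("X-Frame-Options", "SAMEORIGIN")]
    print(audit_frame_options(sample))
```

With frameOptionsEnabled on and an empty whitelist, the expected result for a Grid response is `('ok', 'SAMEORIGIN')`; `missing` indicates the property is not taking effect on that endpoint.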