1
0
-1

Ideally we would like to configure forms to be served up with the X-Frame-Options: deny header.

    CommentAdd your comment...

    2 answers

    1.  
      1
      0
      -1

      X-Frame-Options can be configured at Form Space > Properties tab

        CommentAdd your comment...
      1.  
        1
        0
        -1

        Cool, the notes on that property say:

        The 'X-Frame-Options' HTTP header value, options include: [ NONE | SAMEORIGIN | ALLOW-FROM www.example.com ]. If blank then no 'X-Frame-Options' header will be set.

        Can we also set 'DENY'?

        1. Yulius Gita

          Yes, you can use 'DENY'

        CommentAdd your comment...