Control which external domains iframes on your website can communicate with.

Risk - Internally, developers may introduce iframe code to subvert your website or collect sensitive data. Externally, if your application is open to an injection attack, a malicious iframe may be placed on your website.

Possible Impact - iframe callouts to external domains not added to the white list will not work. The success of this policy is dependent on having a proper inventory of external domains used by iframes.

Considerations - If the website is an application, you may want to use code to set headers instead of using the web server.
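
An added example, not code from this page: one way to set the header in application code and to check the iframe inventory before enforcing it. It assumes the header is Content-Security-Policy with the `frame-src` directive (the page does not name it); the host names, `csp_middleware` and the other function names are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed allow list: the inventory of external iframe domains (hypothetical names).
ALLOWED_FRAME_HOSTS = ["payments.example.com", "maps.example.net"]


def frame_src_header(hosts):
    """Return (name, value) for a CSP header limiting iframes to 'self' plus hosts."""
    for h in hosts:
        # Refuse anything that is not a bare hostname; wildcards defeat the inventory.
        if not h or any(c in h for c in "*/:; \t'\""):
            raise ValueError(f"not a bare hostname: {h!r}")
    sources = ["'self'"] + [f"https://{h}" for h in hosts]
    return ("Content-Security-Policy", "frame-src " + " ".join(sources))


class _IframeCollector(HTMLParser):
    """Collects the host of every iframe src that points at another host."""

    def __init__(self):
        super().__init__()
        self.hosts = set()

    def handle_starttag(self, tag, attrs):
        if tag == "iframe":
            src = dict(attrs).get("src") or ""
            host = urlsplit(src).hostname  # None for relative (same-origin) URLs
            if host:
                self.hosts.add(host.lower())


def uninventoried_iframes(html, hosts):
    """Hosts framed by the page that are missing from the allow list."""
    collector = _IframeCollector()
    collector.feed(html)
    return sorted(collector.hosts - {h.lower() for h in hosts})


def csp_middleware(app, hosts=ALLOWED_FRAME_HOSTS):
    """WSGI wrapper that adds the header in application code, not web server config."""
    header = frame_src_header(hosts)

    def wrapped(environ, start_response):
        def start(status, headers, exc_info=None):
            return start_response(status, list(headers) + [header], exc_info)
        return app(environ, start)
    return wrapped
```

Running `uninventoried_iframes` over rendered pages before enforcement lists the iframe callouts that would stop working under the policy.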