+ Start a Discussion
raj kiranraj kiran 

X-FRAME-OPTIONS in force.con sites

Hi All,

I have implemented sites with guest users inserting data to custo object. the questions are on security related.
I have enabled click jack protection for both standard headers and header disabled. my vf page have header as false.
the shared vf page is now being used as iframe in external website . by using x frame option inside my vf page can we whitelist the domain of external website ? using the allow from parameter  x frame option? if yes  can anyone share sample code on how to ? the below is the code so far i can track 

HttpServletResponse response …;
response.addHeader(“X-FRAME-OPTIONS”, “Allow-From https://some.othersite.com”);

 I am  banging my head on how to use the httpservelt cide in my vf page,not sure how can i add this httpservletresponce code in vf pages as my page has simple apex form, fields and  submit method to send the data to sfdc custom object. as far i know if i am external website i can write request responce code in .jsp or java or php related etc, but its sfdc how do i proceed.

All related information shared are appreciated.

Regards,
Raj