Hidden iframes that load your site's pages can be placed maliciously by an unrelated page that entices the user to click a button or link that appears below the hidden iframe. With clickjack protection, you can configure whether your browser allows frames or iframes over your site pages. The default clickjack level for Site.com is set to Allow framing by the same origin only.
- Allow framing by any page (no protection)
- Allow framing by the same origin only (recommended)
- Don’t allow framing by any page (most protection)
Clickjack protection won’t be automatically enabled for sites created prior to the Spring ’14 release. To manage clickjack protection in your site:
- On the Overview tab, click Site Configuration.
- Click Edit.
- Select the desired level of clickjack protection.