CivicPlus has blocked our sites from being iFramed on other domains due to security risks. Our customers' security is very important to us, and allowing our sites to be iFramed would allow anyone to expose vulnerabilities in iFrames that include Clickjacking, XSS, and other malicious attacks.
At CivicPlus we take your site security seriously and block iframes to help block outside malicious behavior.
Feedback About the Article
Let us know what was helpful or not helpful about the article below.1 comment
Is there a way for us to specify external resources that we trust to be included in the frame-ancestors tag in the header? We have a site that we used to embed that no longer works, and I'm getting:
Refused to frame '(our external resource)' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self'"
I can't find anything in the site tools where I can add a trusted site.
Please sign in to leave a comment.