IFrame Security

Titania Delivery allows embedded IFrame elements within the server domain, but embedding a Titania Delivery portal page within a web application from a different domain poses a number of security risks. While it may be possible to disable or modify Titania’s Content Security Policy (CSP), the result exposes security risks. Weakened security can expose the server to an attach call “click-jacking” and the X-Frame-Options ALLOW-FROM header is no longer supported by most up-to-date browsers. See X-Frame-Options for details.