Preventing web pages from being embedded
You can prevent your Oracle Eloqua landing pages from being embedded in a frame, inline frame (iframe), or object. This can help prevent clickjacking attacks by ensuring that your content cannot be embedded into other sites.
You configure this prevention for each microsite. By default, Oracle Eloqua prevents embedding for all new microsites.
When you prevent embedding, Oracle Eloqua sets the X-Frame-Options
HTTP response header to SAMEORIGIN
. This prevents all modern browsers from rendering your pages in a <frame>
, <iframe>
or <object>
. The visitor's browser must support X-Frame-Options
for this prevention method to work.
To prevent embedding:
- Navigate to Assets > Website Setup, then click Microsites.
- Click the microsite you want to update.
- Clear the Allow Embedding or Framing check box. If you select the check box, pages can be embedded.
- Save your changes.
Allowing Oracle Eloqua pages to be embedded in an inline frame