Preventing web pages from being embedded

You can prevent your Oracle Eloqua landing pages from being embedded in a frame, inline frame (iframe), or object. This can help prevent clickjacking attacks by ensuring that your content cannot be embedded into other sites.

You configure this prevention for each microsite. By default, Oracle Eloqua prevents embedding for all new microsites.

When you prevent embedding, Oracle Eloqua sets the X-Frame-Options HTTP response header to SAMEORIGIN. This prevents all modern browsers from rendering your pages in a <frame>, <iframe> or <object>. The visitor's browser must support X-Frame-Options for this prevention method to work.

To prevent embedding:

  1. Navigate to Assets An image of the Assets icon, which is represented by a black pencil. > Website Setup, then click Microsites.
  2. Click the microsite you want to update.
  3. Clear the Allow Embedding or Framing check box. If you select the check box, pages can be embedded.

    An image showing the setting that prevent landing page embedding

  4. Save your changes.

Learn more

Allowing Oracle Eloqua pages to be embedded in an inline frame

Microsites