Security Subtab
These settings let you configure security headers to control which domains can show your site’s pages in a frame.
Allow Site to Be Framed
This setting lets you add HTTP headers that determine whether your web pages can be embedded in an HTML iframe.
Rendering a web store in an iframe is not a best practice because of modern third-party-cookie restrictions. The Allow Site to Be Framed setting doesn’t change how browsers treat cookies or how NetSuite sets session cookies, so login, cart, and checkout may fail when a web store is framed.
Possible values for this setting include:
- Disallow Framing – Pages can be framed only by the exact same domain/origin. This is the default setting.
- Allow Framing – Pages can be framed by any domain/origin.
- Allow Framing Custom – Enter each permitted domain/origin in the Allow Site to Be Framed By list. Only the domains/origins in this list can frame your web pages.
Allow Framing and Allow Framing Custom enable page rendering only. Session-dependent features, such as login, cart, and checkout, aren’t available when the iframe’s parent domain differs from your SuiteCommerce domain.
| ID | security.allowFraming |
| UI location | Advanced > Security |
| JSON file | SecurityHeaders.json |
Allow Site to Be Framed By
This array lists the origins that you allow to show your pages in a frame. By default, SAMEORIGIN is included so pages can be displayed in a frame by your own domain.
| ID | security.allowFramingBy |
| UI location | Advanced > Security |
| JSON file | SecurityHeaders.json |
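To confirm which of the three framing modes a deployed page actually enforces, you can inspect its response headers. The following is an added example, not NetSuite code: it assumes the policy is visible as the standard X-Frame-Options header and/or the Content-Security-Policy frame-ancestors directive, and the function names and origins are hypothetical.

```javascript
// Added example, not NetSuite code. Assumes the framing policy is visible as the
// standard X-Frame-Options header and/or the CSP frame-ancestors directive.
function framingPolicy(headers) {
  // Header names are not case sensitive, so normalise them first.
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();

  // Browsers that support frame-ancestors ignore X-Frame-Options when it is present.
  const directive = (h['content-security-policy'] || '')
    .split(';')
    .map(d => d.trim().toLowerCase().split(/\s+/))
    .find(parts => parts[0] === 'frame-ancestors');
  if (directive) {
    const sources = directive.slice(1);
    if (sources.length === 0 || (sources.length === 1 && sources[0] === "'none'")) {
      return { mode: 'none', self: false, origins: [] };
    }
    if (sources.includes('*')) return { mode: 'any', self: false, origins: [] };
    const self = sources.includes("'self'");
    // Only exact scheme://host[:port] sources are kept; wildcard hosts are not evaluated.
    const origins = sources.filter(s => /^https?:\/\/[^*\/]+$/.test(s));
    return { mode: self && origins.length === 0 ? 'same-origin' : 'custom', self, origins };
  }

  const xfo = (h['x-frame-options'] || '').toUpperCase();
  if (xfo === 'DENY') return { mode: 'none', self: false, origins: [] };
  if (xfo === 'SAMEORIGIN') return { mode: 'same-origin', self: true, origins: [] };
  // No header, or an obsolete ALLOW-FROM that current browsers ignore: no restriction.
  return { mode: 'any', self: false, origins: [] };
}

// True if a page served by siteOrigin may render in a frame whose parent is parentOrigin.
// Simplification: only the immediate parent is checked, not the full ancestor chain.
function canFrame(headers, siteOrigin, parentOrigin) {
  const p = framingPolicy(headers);
  const site = siteOrigin.toLowerCase(), parent = parentOrigin.toLowerCase();
  if (p.mode === 'any') return true;
  if (p.mode === 'none') return false;
  return (p.self && parent === site) || p.origins.includes(parent);
}

// Constructed sample response for a "custom" policy (hypothetical origins).
const sample = { 'Content-Security-Policy': "frame-ancestors 'self' https://partner.example" };
console.log(framingPolicy(sample).mode,
  canFrame(sample, 'https://shop.example', 'https://partner.example'));
```

A result of `same-origin` corresponds to Disallow Framing, `any` to Allow Framing, and `custom` to Allow Framing Custom.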
Add Headers to SSP Responses
This array lets you set security headers to send extra information with an HTTPS response. The array contains the following properties:
- Name (string) – The name of the HTTPS header (not case sensitive).
- Value (string) – The value of the HTTPS header.
| ID | security.headers |
| UI location | Advanced > Security |
| JSON file | SecurityHeaders.json |
See the SuiteCloud Platform help topic, HTTPS Header Information, for more information.