An external website has a snippet of code added to it from a knowledge base site referred to as Touchpoint. This is configured by the site Administrator for that external website. The snippet of code uses built-in modern browser security standards to enforce strictness.
- The x-frame-options HTTP header is used to indicate whether a webpage can be embedded in an
iframeelement on another webpage. It helps to protect against clickjacking attacks, which can occur when an attacker tricks a user into clicking on a webpage element that is in a hidden frame on a different website.
- allow-from: uri: This value allows the webpage to be displayed in an <iframe> element only if the parent webpage is at the specified uri.
- Cross-Origin Resource Sharing
- Same-Origin policy
- Content Security Policy aka CSP