Protect the Login Page From iFrame Embeds


This Advanced Setting will protect the Login page (/login) from being called from an iframe that is not on the same domain name.

The purpose of this security setting is to prevent another website from embedding the website login form without proper authorization. We recommend enabling this setting as a security measure.

However some sites have a custom integration where the login page is part of additional built-in functionality within another application, in which case we recommend disabling this setting and/or customizing the login widget to modify it for specific customizations.

  • System Variable: protect_login_from_iframe