Enum XFrameOptionsMode
Page Summary
XFrameOptionsMode is an enum used for client-side HtmlService scripts to represent X-Frame-Options modes.
These modes can be accessed via HtmlService.XFrameOptionsMode and set using HtmlOutput.setXFrameOptionsMode(mode).
Setting XFrameOptionsMode.ALLOWALL allows any site to iframe the page, requiring the developer to implement clickjacking protection.
The default X-Frame-Options mode used by Apps Script if none is set is DEFAULT.
An enum representing theX-Frame-Options modes that can be used for client-sideHtml scripts. These values can be accessed fromHtml,and set by callingHtml.
To call an enum, you call its parent class, name, and property. For example,HtmlService.XFrameOptionsMode.ALLOWALL.
SettingXFrameOptionsMode.ALLOWALL will let any site iframe the page, so the developershould implement their own protection against clickjacking.
If a script does not set anX-Frame-Options mode, Apps Script usesDEFAULTmode as the default.
// Serve HTML with no X-Frame-Options header (in Apps Script server-side code).constoutput=HtmlService.createHtmlOutput('<b>Hello, world!</b>');output.setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);
Properties
| Property | Type | Description |
|---|---|---|
ALLOWALL | Enum | NoX-Frame-Options header will be set. This will let any site iframe the page, so thedeveloper should implement their own protection against clickjacking. |
DEFAULT | Enum | Sets the default value for theX-Frame-Options header, which preserves normal securityassumptions. If a script does not set anX-Frame-Options mode, Apps Script uses thismode as the default. |
Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2025-12-11 UTC.