Enable validation

Default: true

Keywords to check for

Default: javascript:

URLs and parameters to bypass during check, each url is separated from others by comma, and from it's parameters by colons. * means to skip all parameters. For example /test:param1:param2,/test2:param1:param2

Value for X-FRAME-OPTIONS headers. Blank means no header. Possible values are DENY, SAMEORIGIN, ALLOW-FROM origin