diff --git a/source/_integrations/http.markdown b/source/_integrations/http.markdown index f32045222e7..868622030f1 100644 --- a/source/_integrations/http.markdown +++ b/source/_integrations/http.markdown @@ -62,6 +62,11 @@ use_x_forwarded_for: required: false type: boolean default: false +use_x_frame_options: + description: "Controls the `X-Frame-Options` header to help prevent [clickjacking](https://en.wikipedia.org/wiki/Clickjacking)." + required: false + type: boolean + default: true trusted_proxies: description: "List of trusted proxies, consisting of IP addresses or networks, that are allowed to set the `X-Forwarded-For` header. This is required when using `use_x_forwarded_for` because all requests to Home Assistant, regardless of source, will arrive from the reverse proxy IP address. Therefore in a reverse proxy scenario, this option should be set with extreme care. If the immediate upstream proxy is not in the list, the request will be rejected. If any other intermediate proxy is not in the list, the first untrusted proxy will be considered the client." required: false