From 4ca99a003e6f220c2094231cc848f13ff815c578 Mon Sep 17 00:00:00 2001
From: Franck Nijhof
Date: Mon, 7 Aug 2023 08:02:28 +0200
Subject: [PATCH] Document use_x_frame_options http configuration option (#28453)
---
 source/_integrations/http.markdown | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/source/_integrations/http.markdown b/source/_integrations/http.markdown
index f32045222e7..868622030f1 100644
--- a/source/_integrations/http.markdown
+++ b/source/_integrations/http.markdown
@@ -62,6 +62,11 @@ use_x_forwarded_for:
 required: false
 type: boolean
 default: false
+use_x_frame_options:
+ description: "Controls the `X-Frame-Options` header to help prevent [clickjacking](https://en.wikipedia.org/wiki/Clickjacking)."
+ required: false
+ type: boolean
+ default: true
 trusted_proxies:
 description: "List of trusted proxies, consisting of IP addresses or networks, that are allowed to set the `X-Forwarded-For` header. This is required when using `use_x_forwarded_for` because all requests to Home Assistant, regardless of source, will arrive from the reverse proxy IP address. Therefore in a reverse proxy scenario, this option should be set with extreme care. If the immediate upstream proxy is not in the list, the request will be rejected. If any other intermediate proxy is not in the list, the first untrusted proxy will be considered the client."
 required: false