services.grafana.settings.security.allow_embedding

When false, the HTTP header X-Frame-Options: deny will be set in Grafana HTTP responses which will instruct browsers to not allow rendering Grafana in a <frame>, <iframe>, <embed> or <object>. The main goal is to mitigate the risk of Clickjacking.

Type

boolean

Default

false

Declared

<nixpkgs/nixos/modules/services/monitoring/grafana.nix>