Appearance

Updating visuals

If you see any images containing outdated UI, please bear with us.

We are updating all content as quickly as possible to mirror our new UI.

Headers ​

The Headers settings allow you to control how your WeWeb application can be embedded in iframes and configure custom HTTP headers for security, caching, and other purposes.

Accessing headers settings ​

To configure headers:

  1. Open the Settings tab in the top bar and click Interface Settings
  2. Under the Advanced section, click Headers

This opens the headers configuration modal.

Iframe embedding ​

By default, once published, your WeWeb app can be embedded in an iframe on other websites. You can control this behavior to protect your application from clickjacking attacks or to limit where your app can be displayed.

Embedding options ​

In Headers settings, choose one of these iframe options:

  • Allow — Your app can be embedded in iframes on any website
  • Allow on same domain name — Your app can only be embedded on pages from the same domain
  • Block — Your app cannot be embedded in any iframe

TIP

These settings apply after your next publish to production. A Hosting or Seat plan is required.

Setting iframe embedding ​

To configure iframe embedding:

  1. Open Headers settings
  2. Find the iframe embedding section
  3. Select your preferred option
  4. Save your changes

Iframe & custom headers

In the example above, you can see the iframe embedding options and the custom headers section where you can add custom headers to your published project.

TIP

Unless you have a specific need for your app to be embedded in iframes, it's recommended to either block embedding or allow it only on the same domain for security purposes.

When to allow iframe embedding ​

Allow iframe embedding when:

  • Your app is designed to be embedded in other sites
  • You're building widgets or embeddable components
  • You have a specific integration that requires iframe embedding

Block or restrict iframe embedding when:

  • Building a standard web application
  • Handling sensitive data or authentication
  • Security is a primary concern

Custom headers ​

Custom headers allow you to add HTTP response headers to your published application. These headers can control security policies, caching behavior, and other browser behaviors.

Adding a custom header ​

To add a custom header:

  1. Open Headers settings
  2. Find the custom headers section
  3. Click Add
  4. Enter the header name
  5. Enter the header value
  6. Save your changes

Testing custom headers ​

After adding custom headers:

  1. Publish your application
  2. Open your published app in a browser
  3. Open the browser's developer tools
  4. Go to the Network tab
  5. Refresh the page
  6. Click on the main document request
  7. Check the Response Headers to verify your custom headers are present

Removing custom headers ​

To remove a custom header:

  1. Open Headers settings
  2. Find the header you want to remove
  3. Click the remove/delete option
  4. Save your changes

CONTINUE LEARNING

Learn about managing other app settings:

Learn about redirections →