> ## Documentation Index
> Fetch the complete documentation index at: https://docs.modelence.com/llms.txt
> Use this file to discover all available pages before exploring further.

# SecurityConfig

[API Reference](/api-reference/modelence/server/type-aliases/../../../index) / [modelence](/api-reference/modelence/server/type-aliases/../../index) / [server](/api-reference/modelence/server/type-aliases/../index) / SecurityConfig

> **SecurityConfig** = `object`

Defined in: [packages/modelence/src/app/securityConfig.ts:20](https://github.com/modelence/modelence/blob/f614ecc6811cdda9670d612872c8ff49a49c5e28/packages/modelence/src/app/securityConfig.ts#L20)

Security configuration for the application

By default, the app is protected against clickjacking by setting
`Content-Security-Policy: frame-ancestors 'self'` and `X-Frame-Options: SAMEORIGIN`
on all responses, preventing the app from being embedded in iframes on other domains.

## Example

```typescript theme={null}
import { startApp } from 'modelence/server';

// Allow embedding in iframes on specific domains
startApp({
  security: {
    frameAncestors: ['https://modelence.com', 'https://app.example.com'],
  },
});
```

## Properties

| Property                                    | Type        | Description                                                                                                                                                                                                                                                      | Defined in                                                                                                                                                                               |
| ------------------------------------------- | ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| <a id="frameancestors" /> `frameAncestors?` | `string`\[] | Additional origins allowed to embed this app in an iframe. The app's own origin (`'self'`) is always included automatically. When not set, only same-origin framing is allowed. When set, `X-Frame-Options` is omitted since it cannot express multiple origins. | [packages/modelence/src/app/securityConfig.ts:28](https://github.com/modelence/modelence/blob/f614ecc6811cdda9670d612872c8ff49a49c5e28/packages/modelence/src/app/securityConfig.ts#L28) |
