Version: 7.x-51.0.0

Kibana in iframe

Web browsers changed the default behavior for cookies so that:

  • Cookies without a SameSite attribute are treated as SameSite=Lax.
  • Cookies for cross-site usage must specify SameSite=None; Secure to include third party content.

It means that Kibana can’t be accessed via an iframe on a third party web site by default. The cookies at the Kibana side must be configured to add SameSite=None; Secure attributes.

Kibana configuration


  secure: true
  isSameSite: None


Reject insecure SameSite=None cookies

Temporarily rolling back SameSite Cookie Changes

SameSite cookies explained

Incrementally Better Cookies

Not what you were looking for? Try the search.