diff --git a/frontends/php/include/classes/screens/CScreenUrl.php b/frontends/php/include/classes/screens/CScreenUrl.php
index e35c5f1..1df396e 100644
--- a/frontends/php/include/classes/screens/CScreenUrl.php
+++ b/frontends/php/include/classes/screens/CScreenUrl.php
@@ -29,18 +29,10 @@ class CScreenUrl extends CScreenBase {
 public function get() {
 // prevent from resolving macros in configuration page
 if ($this->mode != SCREEN_MODE_PREVIEW && $this->mode != SCREEN_MODE_SLIDESHOW) {
- return $this->getOutput(
- CHtmlUrlValidator::validate($this->screenitem['url'], false)
- ? new CIFrame($this->screenitem['url'], $this->screenitem['width'], $this->screenitem['height'],
- 'auto')
- : makeMessageBox(false, [[
- 'type' => 'error',
- 'message' => _s('Provided URL "%1$s" is invalid.', $this->screenitem['url'])
- ]]
- )
- );
+ return $this->getOutput($this->prepareElement());
 }
- elseif ($this->screenitem['dynamic'] == SCREEN_DYNAMIC_ITEM && $this->hostid == 0) {
+
+ if ($this->screenitem['dynamic'] == SCREEN_DYNAMIC_ITEM && $this->hostid == 0) {
 return $this->getOutput((new CTableInfo())->setNoDataMessage(_('No host selected.')));
 }
 
@@ -54,14 +46,28 @@ class CScreenUrl extends CScreenBase {
 $this->screenitem['url'] = $url ? $url : $this->screenitem['url'];
- return $this->getOutput(
- CHtmlUrlValidator::validate($this->screenitem['url'], false)
- ? new CIFrame($this->screenitem['url'], $this->screenitem['width'], $this->screenitem['height'], 'auto')
- : makeMessageBox(false, [[
- 'type' => 'error',
- 'message' => _s('Provided URL "%1$s" is invalid.', $this->screenitem['url'])
- ]]
- )
- );
+ return $this->getOutput($this->prepareElement());
+ }
+
+ /**
+ * @return CTag
+ */
+ public function prepareElement() {
+ if (CHtmlUrlValidator::validate($this->screenitem['url'], false)) {
+ $item = new CIFrame($this->screenitem['url'], $this->screenitem['width'], $this->screenitem['height'],
+ 'auto'
+ );
+
+ if (ZBX_IFRAME_SANDBOX !== false) {
+ $item->setAttribute('sandbox', ZBX_IFRAME_SANDBOX);
+ }
+
+ return $item;
+ }
+
+ return makeMessageBox(false, [[
+ 'type' => 'error',
+ 'message' => _s('Provided URL "%1$s" is invalid.', $this->screenitem['url'])
+ ]]);
 }
 }
diff --git a/frontends/php/include/defines.inc.php b/frontends/php/include/defines.inc.php
index a67a625..c6a437c 100644
--- a/frontends/php/include/defines.inc.php
+++ b/frontends/php/include/defines.inc.php
@@ -1284,6 +1284,14 @@ if (function_exists('bcscale')) {
 bcscale(7);
 }
+/**
+ * The sandbox attribute enables an extra set of restrictions for the content in the iframe. Default is set to empty
+ * string, which means all restrictions are applied. To disable, set to FALSE. To set a specific set of restrictions,
+ * write a custom string.
+ * https://www.w3.org/TR/2010/WD-html5-20100624/the-iframe-element.html#attr-iframe-sandbox
+ */
+define('ZBX_IFRAME_SANDBOX', '');
+
 // HTTP headers
 /*
 * Value of HTTP X-Frame-options header.
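Review bot: The default ZBX_IFRAME_SANDBOX value is the empty string and the guard in prepareElement() only excludes false, so the intended "all restrictions" case depends on CTag::setAttribute actually emitting `sandbox=""` rather than dropping an attribute with an empty value; if the renderer omits empty values, the default would silently apply no sandbox at all. CTag's attribute rendering is outside this diff, so this is worth confirming and pinning with a test that asserts the rendered iframe markup contains `sandbox` when the constant is left at its default. The `@return CTag` docblock could also describe the two branches, e.g. `@return CIFrame|CTag  Sandboxed iframe for a valid URL, otherwise an error message box.` Since prepareElement() is only called from get() within this diff, `protected` visibility would keep it off the class's public surface unless external callers are intended.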
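Review bot: The comment for ZBX_IFRAME_SANDBOX should warn that a custom token list combining allow-scripts with allow-same-origin lets the framed document remove its own sandbox restrictions, so that combination is effectively the same as setting the constant to FALSE; the referenced spec text makes the same point. A line such as ` * Note: combining allow-scripts with allow-same-origin removes the protection the sandbox provides.` after the custom-string sentence would make that trade-off explicit for whoever edits this setting. The URL points to a 2010 HTML5 working draft; the current HTML living standard is the authoritative description of the attribute's tokens and would be the better reference. It would also help operators to state the user-visible effect of the default, namely that an empty sandbox blocks scripts, form submission and same-origin access in the embedded page, since that is what they will notice when a widget stops working.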