X-Frame-Options header used to control whether a page can be placed in an IFRAME.
There are three possible directives for X-Frame-Options:
deny:
Not only will attempts to load the page in a frame fail when loaded from other sites, but attempts to do so will also fail when loaded from the same site.
sameorigin:
You can still use the page in a frame as long as the site including it in a frame is the same as the one serving the page.
allow-from uri:
The page can only be displayed in a frame on the specified origin. Note that in Firefox this still suffers from the same problem as sameorigin did — it doesn't check the frame ancestors to see if they are in the same origin.
MSDN Community Support
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.
1487 Posts
Re: X-Frame-Options headers
Apr 05, 2019 06:49 AM|Jalpa Panchal|LINK
Hi tippet,
X-Frame-Options header used to control whether a page can be placed in an IFRAME.
There are three possible directives for X-Frame-Options:
Not only will attempts to load the page in a frame fail when loaded from other sites, but attempts to do so will also fail when loaded from the same site.
You can still use the page in a frame as long as the site including it in a frame is the same as the one serving the page.
The page can only be displayed in a frame on the specified origin. Note that in Firefox this still suffers from the same problem as sameorigin did — it doesn't check the frame ancestors to see if they are in the same origin.
Browser compatibility:
You could also refer below article:
Please remember to click "Mark as Answer" the responses that resolved your issue.
If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.