Hello Friends 👋,

Welcome To Infinitbility! ❤️

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.

The added security is provided only if the user accessing the document is using a browser that supports X-Frame-Options.

You are trying to embed video or show pdf in your website and getting error like below

refused to display ‘url’ in a frame because it set ‘x-frame-options’ to ‘sameorigin’

well solution depends upon which url want show in your website.

Youtube url

when trying show youtube video on your website then you have to remove watch?v= with embed/

For example: https://www.youtube.com/watch?v=8WkuChVeL0s to https://www.youtube.com/embed/8WkuChVeL0s

It works well.

Apache server url ( your server )

when your node, php, and backend language using apache server then you have to set header like below example

Go to your your conf available folder

$ cd /etc/apache2/conf-available

Edit default-ssl.conf or your domain conf virtualhost

Add header with “SAMEORIGIN”

Header always set X-Frame-Options "SAMEORIGIN"

when your diffrent origin

Header always set X-Frame-Options "ALLOW-FROM https://clientsidedomain.com/"

Thanks for reading…