Hello Friends 👋,
Welcome To Infinitbility! ❤️
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a
<object>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.
The added security is provided only if the user accessing the document is using a browser that supports X-Frame-Options.
You are trying to embed video or show pdf in your website and getting error like below
refused to display ‘url’ in a frame because it set ‘x-frame-options’ to ‘sameorigin’
well solution depends upon which url want show in your website.
when trying show youtube video on your website then you have to remove
For example: https://www.youtube.com/watch?v=8WkuChVeL0s to https://www.youtube.com/embed/8WkuChVeL0s
It works well.
Apache server url ( your server )
when your node, php, and backend language using apache server then you have to set header like below example
Go to your your conf available folder
$ cd /etc/apache2/conf-available
default-ssl.conf or your domain conf virtualhost
Add header with “SAMEORIGIN”
Header always set X-Frame-Options "SAMEORIGIN"
when your diffrent origin
Header always set X-Frame-Options "ALLOW-FROM https://clientsidedomain.com/"
Thanks for reading…