Hello Friends 👋,
Welcome To Infinitbility! ❤️
The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>
, <iframe>
, <embed>
or <object>
. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.
The added security is provided only if the user accessing the document is using a browser that supports X-Frame-Options.
You are trying to embed video or show pdf in your website and getting error like below
refused to display ‘url’ in a frame because it set ‘x-frame-options’ to ‘sameorigin’
well solution depends upon which url want show in your website.
Youtube url
when trying show youtube video on your website then you have to remove watch?v=
with embed/
For example: https://www.youtube.com/watch?v=8WkuChVeL0s to https://www.youtube.com/embed/8WkuChVeL0s
It works well.
Apache server url ( your server )
when your node, php, and backend language using apache server then you have to set header like below example
Go to your your conf available folder
1$ cd /etc/apache2/conf-available
Edit default-ssl.conf
or your domain conf virtualhost
Add header with “SAMEORIGIN”
1Header always set X-Frame-Options "SAMEORIGIN"
when your diffrent origin
1Header always set X-Frame-Options "ALLOW-FROM https://clientsidedomain.com/"
Thanks for reading…
Follow me on Twitter
Join our email list and get notified about new content
No worries, I respect your privacy and I will never abuse your email.
Every week, on Tuesday, you will receive a list of free tutorials I made during the week (I write one every day) and news on other training products I create.