How to fix X-Frame-Options denied

Sometimes video will not load in your site because of the X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a frame, iframe or object . So kindly refer the below instruction for how to fix the X-Frame deny issue.

Syntax

There are three possible directives for X-Frame-Options:

  • X-Frame-Options: DENY
  • X-Frame-Options: SAMEORIGIN
  • X-Frame-Options: ALLOW-FROM https://example.com/

If you specify DENY, not only will attempts to load the page in a frame fail when loaded from other sites, attempts to do so will fail when loaded from the same site. On the other hand, if you specify SAMEORIGIN, you can still use the page in a frame as long as the site including it in a frame is the same as the one serving the page.

Note: Setting the meta tag is useless! For instance,has no effect. Do not use it! Only by setting through the HTTP header like the examples below, X-Frame-Options will work.

Configuring Apache For Fix

  • To configure Apache to send the X-Frame-Options header for all pages, add this to your site’s configuration:Header always set X-Frame-Options SAMEORIGIN
  • To configure Apache to set the X-Frame-Options to ALLOW-FROM a specific Host , add this to your site’s configuration:Header set X-Frame-Options "ALLOW-FROM https://example.com/"

Or kindly contact your hosting team and disable the X-Frame-Options

Rate This Article

(7 out of 18 people found this article helpful)

Leave A Comment?

This site uses Akismet to reduce spam. Learn how your comment data is processed.