X-Frame-Options HTTP Header
X-Frame-Options
Clickjacking protection.
Accepted Values
The header accepts text in an appropriate format.
- allow-from="<url>"
Allow from specified location.
allow-from="https://yourwebsite.com/url"- allowall
Non-standard, allow from any location.
- deny
No rendering within frame.
- sameorigin
No rendering if origin mismatch.
Example
X-Frame-Options: <text>
Parse
Enter a X-Frame-Options header below to parse and return details about it.
Reference
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options