X-Frame-Options HTTP Header

X-Frame-Options

Clickjacking protection.

Accepted Values

Multiple options from the list below are allowed, each seperated by a space. Some options take a value, and that is preceded with an = after the option.
allow-from="<url>"

Allow from specified location.

allow-from="https://yourwebsite.com/url"
allowall

Non-standard, allow from any location.

deny

No rendering within frame.

sameorigin

No rendering if origin mismatch.

Example

X-Frame-Options: deny sameorigin allow-from="https://yourwebsite.com/url"

Parse

Enter a X-Frame-Options header below to parse and return details about it.

Reference

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options