X-Frame-Options HTTP Header

X-Frame-Options

Clickjacking protection.

Accepted Values

The header value is one of the directives listed below.

allow-from <url>

Allow from specified location.

allow-from https://yourwebsite.com/url

allowall

Non-standard, allow from any location.

deny

No rendering within frame.

sameorigin

No rendering if the origin does not match.

Example

X-Frame-Options: <text>
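
An added example, not part of the original page: a small Python auditor that classifies the directives listed above and flags missing, conflicting or malformed headers. The function names, the `ok`/`weak`/`invalid` labels and the sample values are assumptions of this example; `allow-from` is rated weak because current browsers ignore that directive.

```python
# Added example: audit X-Frame-Options values. Status labels are this example's own.
SEVERITY = ["ok", "weak", "invalid"]
DIRECTIVES = {
    "deny": ("ok", "no rendering within a frame"),
    "sameorigin": ("ok", "no rendering if origin mismatch"),
    "allowall": ("weak", "non-standard, allows framing from any location"),
    "allow-from": ("weak", "obsolete, ignored by current browsers"),
}


def parse_directive(raw):
    """Classify one directive, e.g. 'DENY' or 'allow-from https://a.example/'."""
    parts = raw.strip().split(None, 1)
    name = parts[0].lower() if parts else ""  # directive names are case-insensitive
    origin = parts[1] if len(parts) > 1 else None
    status, note = DIRECTIVES.get(name, ("invalid", "unknown or empty directive"))
    if name == "allow-from" and origin is None:
        status, note = "invalid", "allow-from needs a URL after a space"
    elif name in ("deny", "sameorigin", "allowall") and origin is not None:
        status, note = "invalid", "unexpected text after directive"
    return {"directive": name, "origin": origin, "status": status, "note": note}


def audit(header_values):
    """Audit every X-Frame-Options value seen on one response.

    header_values holds one raw value per header line; a line may carry
    several comma-separated values, which are split here.
    """
    items = [parse_directive(v) for line in header_values for v in line.split(",")]
    names = {item["directive"] for item in items}
    if not items:
        verdict = "missing"    # header absent: framing is not restricted by it
    elif len(names) > 1:
        verdict = "conflict"   # differing directives: flag for manual review
    else:
        verdict = max((i["status"] for i in items), key=SEVERITY.index)
    return {"verdict": verdict, "directives": items}


if __name__ == "__main__":
    # Constructed sample responses, one list of header values per response.
    samples = [["DENY"], ["SameOrigin"], ["allowall"], ["deny, sameorigin"],
               ["allow-from https://yourwebsite.com/url"], ["allow-from"], []]
    for values in samples:
        print(values, "->", audit(values)["verdict"])
```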

Reference

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options