How to add HTTP headers 'X-Frame-Options' on iframe ? Last Updated : 28 Feb, 2020 Summarize Comments Improve Suggest changes Share Like Article Like Report Inline frame tag in HTML: The iframe tag is used to displaying or embedding another document within an HTML document. One of its attributes 'src' is used to specify the URL of the document which is to be displayed. A site's X-frame Options can prevent allowing the display of one HTML document within another. X-Frame Options: The X-Frame Options are not an attribute of the iframe or frame or any other HTML tags. It is a response header and is also referred to as HTTP security headers. This header tells the browser whether to render the HTML document in the specified URL or not. This plays an important role to prevent clickjacking attacks. Thus the X-Frame options cannot be set in the body of an HTML document. It is set by the domain from which the resource is requested. The X-Frame options available are: deny: It prevents any URL being rendered within the containers like iframe, frame, objects, applets. Even if the page is from same site, when the X-Frame option is set to 'deny', it is not rendered. SAMEORIGIN: It allows pages of same origin to be rendered. The page from the same site will be allowed to be displayed. ALLOW-FROM uri: It allows the HTML documents from the specified uri only. One can set the X-Frame Options in the web-config of the site which is to be loaded in an iframe. For configuring in IIS write: html <httpProtocol> <customHeaders> <add name="X-Frame-Options" value="sameorigin"/> </customHeaders> </httpProtocol> For configuring Apache: Header always set X-Frame-Options "sameorigin" Note: The browsers Edge (version 12 and above), Internet Explorer (version 8 and above) support ALLOW-FROM uri in X-Frame-Options. Comment More infoAdvertise with us Next Article HTTP headers | X-Frame-Options E erakshaya485 Follow Improve Article Tags : Computer Networks HTTP-headers Similar Reads HTTP headers | X-Frame-Options HTTP headers are used to pass additional information with HTTP responses or HTTP requests. The X-Frame-Options is used to prevent the site from clickjacking attacks. It defines whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed>, or <objec 2 min read How to Set HTTP Headers Using Apache Server? HTTP headers are key-value pairs sent in HTTP requests and responses. They carry essential information about the request or response, such as content type, caching directives, and security policies. Setting HTTP Headers in Apache is a common requirement for enhancing the security, performance and fu 4 min read HTTP headers | X-Content-Type-Options The HTTP headers X-Content-Type-Options acts as a marker that indicates the MIME-types headers in the content types headers should not be changed to the server. This header was introduced in the Internet Explorer 8 of Microsoft. This header block the content sniffing (non-executable MIME type into e 1 min read How to Add Custom Response Header in Apache? Apache HTTP server is most widely used web server. it is known for its flexibility and extensive features. One of those great features is response headers. Custom response headers can be helpful for various purposes, such as enhancing security, improving caching mechanisms, or adding custom metadata 2 min read HTTP headers | X-Forwarded-Proto The HTTP headers are used to communicate between client and server. HTTP headers let the client and server pass additional information with an HTTP request or response. X-Forwarded-Proto (XPF) header is used to identifying the protocol that the client used to connect with a proxy or load balancer. I 2 min read How to Embed Video in Iframe in HTML? You can use Iframe to show videos on your web page and embedding videos are very simple. To do so you can use the iframe tag directly in your HTML. Let's see how we can embed the video in the iframe.Embedding Videos in HTMLTo embed a video, use the iframe tag with the video's URL. Set the width, hei 1 min read Like