X-Frame-Options (1 of 442)

Instructs the browser if the current website can be embedded in HTML frame by another website. Since this allows the parent website to control the framed page, this creates a potential for data theft attacks ("clickjacking") and most sensitive websites won't allow them to be framed at all (deny) or just allow parts of them to be embedded in frames created by themselves only (samesite).

Reference...

We have seen 11041 websites setting the X-Frame-Options HTTP header and 270 unique values of this header.

www.snapchat.com DENY
yahoo.com SAMEORIGIN
www.workable.com SAMEORIGIN
www.google.com SAMEORIGIN
www.youtube.com SAMEORIGIN
lego.com DENY
www.nytimes.com DENY
www.theguardian.com SAMEORIGIN
seal.digicert.com SAMEORIGIN
www.bbc.co.uk SAMEORIGIN
www.thestar.com SAMEORIGIN
www.aftonbladet.se SAMEORIGIN
m.facebook.com DENY
adultfriendfinder.com SAMEORIGIN
mcb.mu SAMEORIGIN
www.facebook.com DENY
au.lifestyle.yahoo.com SAMEORIGIN
www.manutd.com SAMEORIGIN
www.theverge.com SAMEORIGIN
www.ilpost.it SAMEORIGIN
www.lastampa.it ALLOW-FROM *
sites.google.com SAMEORIGIN
www.blesk.cz SAMEORIGIN
www.tv.com SAMEORIGIN
tarpsnow.com SAMEORIGIN, SAMEORIGIN

Web Cookies Scanner

Websites setting `X-Frame-Options` HTTP header

Web Cookies Scanner

Websites setting X-Frame-Options HTTP header

Websites setting `X-Frame-Options` HTTP header