Instructs the browser if the current website can be embedded in HTML frame by another website. Since this allows the parent website to control the framed page, this creates a potential for data theft attacks ("clickjacking") and most sensitive websites won't allow them to be framed at all (deny) or just allow parts of them to be embedded in frames created by themselves only (samesite).

Value contains

Subtype

Subtype name

We have seen 76674 websites setting the X-Frame-Options HTTP header and 687 unique values of this header.

ipsec.pl SAMEORIGIN
www.snapchat.com DENY
dnsbelgium.be SAMEORIGIN
www.rue21.com SAMEORIGIN
www.okzfg9no6.com SAMEORIGIN
marketbiznes.ru DENY
allvegaspoker.com SAMEORIGIN
lovefilm.com SAMEORIGIN
yahoo.com SAMEORIGIN
groupon.co.in DENY
nationalpost.com SAMEORIGIN
runkeeper.com SAMEORIGIN
iprima.cz SAMEORIGIN
Relation: canonical
assembla.com SAMEORIGIN
elgrafico.mx SAMEORIGIN
btc-e.com DENY
paymaster.ru SAMEORIGIN
thesitewizard.com SAMEORIGIN
spoonful.com SAMEORIGIN
mac.gov.pl SAMEORIGIN
ravelry.com SAMEORIGIN
regions.com SAMEORIGIN, SAMEORIGIN
slashcam.com SAMEORIGIN
perfectmoney.com DENY
cheetahmail.com SAMEORIGIN

Web Cookies Scanner

Websites setting `X-Frame-Options` HTTP header

Web Cookies Scanner

Websites setting X-Frame-Options HTTP header

Websites setting `X-Frame-Options` HTTP header