Instructs the browser if the current website can be embedded in HTML frame by another website. Since this allows the parent website to control the framed page, this creates a potential for data theft attacks ("clickjacking") and most sensitive websites won't allow them to be framed at all (deny) or just allow parts of them to be embedded in frames created by themselves only (samesite).

Reference...

We have seen 75296 websites setting the X-Frame-Options HTTP header and 656 unique values of this header.

Fully automated RESTful API is now available. Subscribe for your free trial today!