Highest Voted 'x-frame-options' Questions - Server Fault Stack Exchange

7

votes

2 answers

How can the x-frame-options HTTP header of ADFS 3 be manipulated?

By default, ADFS 3 responses contain the "X-Frame-Options: DENY" HTTP header. This prevents ADFS from being run in an iframe, because this presents an opportunity for clickjacking attacks. At the moment my company is however implementing an…

asked Jun 16 '15 at 10:35

wkampmann

71
1
5

4

votes

2 answers

Apache 2.4: Header unset in does not work

We are running apache 2.4 in order to serve our typo3 generated websites. In general we want to have the X-Frame-Options SAMEORIGIN Header present for all requests. With one exception. For a specific URL this Header should be unset, since it has to…

apache-2.4 http-headers typo3 x-frame-options

asked Jul 29 '16 at 14:00

Tobias Wolf

71
1
4

4

votes

2 answers

X-Frame Options

I am struggling with the X-Frame-Options. I have a HTML page and want to include (with an iframe) another HTML page. The first warning said: Refused to display ../map.html in a frame because it set 'X-Frame-Options' to 'DENY'. I tried this: …

apache-2.2 x-frame-options

asked Jul 09 '14 at 15:23

Lonneke

61
1
1
4

3

votes

1 answer

Disabling X-FRAME-OPTIONS in SharePoint

I'm trying to display an Excel document from SharePoint2010 Excel Services in an iframe. But I'm getting an error due to the x-frame-options header. I have access to the to SharePoint server and all online searches tell me to go to IIS Manager ->…

sharepoint x-frame-options

asked Jul 04 '12 at 00:14

nthpixel

153
1
7

2

votes

2 answers

How can I add X-Frame-Options selectively using Apache?

I am planning to set X-Frame-Options SAMEORIGIN in my server's httpd.conf as part of improving the defenses against click jacking. I understand this will add the X-Frame-Options header to all pages. There is a "widget" page that I would like to…

apache-2.2 x-frame-options

asked Sep 27 '10 at 07:10

Manoj Govindan

123
1
1
4

1

vote

1 answer

Is it safe to use the X-Frame-Options Allow-From directive

I've been trying to find the answer to this but haven't been able to find anything definitive. For X-Frame-Options, it seems there is only limited support for the 'Allow-From' option which allows you to whitelist a URL which can embed your site in…

apache-2.2 nginx http http-headers x-frame-options

asked Oct 03 '16 at 14:03

jawilson

111
2

1

vote

1 answer

Nginx X-Frame Options, Iframe Wordpress

Using Wordpress on Nginx. I am receiving these errors but I can't seem to find out where in my Nginx options I have specified this 'DENY' header. Multiple 'X-Frame-Options' headers with conflicting values ('SAMEORIGIN, DENY') encountered when…

nginx x-frame-options

asked Sep 07 '16 at 16:56

JoaMika

479
2
9
20

0

votes

1 answer

Disabling X-FRAME-OPTION: SAMEORIGIN HTTP Response Header on SharePoint/PowerPivot xlsviewer.aspx

I need to frame a page being served by SharePoint 2010's xlsviewer.aspx but this page is setting the HTTP response header X-FRAME-OPTION to SAMEORIGIN, so IE8 refuses to render the page in a frame on another domain, which is what I need. It appears…

sharepoint http powerpivot x-frame-options

asked May 20 '10 at 17:36

Daniel Coffman

103
1
5

Questions tagged [x-frame-options]