Solution 1 :

No, if a site sets the X-Frame-Options response header to DENY then there is no way for you to override that setting.

It’s a security measure to prevent click-jacking attacks. You can read more about it in the MDN documentation.

Problem :

Is there any way to display a website (that is not mine) in iframe when it refuses to connect? I have no idea what x-frame-options is, and I was wondering if there is anyway to bypass that.


Comment posted by CORS

There is something called

Comment posted by Karen C

@Rojo Oh okay thanks!

Comment posted by Heretic Monkey

A simple web search for “x-frame-options” brings up about 5,170,000 Results…

Comment posted by hafichuk

Thanks for the question. Even though it’s very general it was helpful to me by mapping iframe to x-frame-options for further google searching.

Comment posted by Karen C

@hafichuk aww glad I helped