This site will have limited functionality while we undergo maintenance to improve your experience. If an article doesn't solve your issue and you want to ask a question, we have our support community waiting to help you at @FirefoxSupport on Twitter and/r/firefox on Reddit.

Search Support

Avoid support scams. We will never ask you to call or text a phone number or share personal information. Please report suspicious activity using the “Report Abuse” option.

Learn More

Getting security warning even when X-Frame-Options: SAMEORIGIN added to subpage loaded in iframe

  • 2 replies
  • 0 have this problem
  • 6 views
  • Last reply by cor-el

more options

In our application we are opening a sub page in an iframe within the main page. Both pages are form the same Domain. Although we've added X-Frame-Options: SAMEORIGIN to the page loaded in the iframe, it still gives this error. Could you please suggest on how to solve this issues, what would I be missing?

Thanks in Advance! Shibu.

In our application we are opening a sub page in an iframe within the main page. Both pages are form the same Domain. Although we've added X-Frame-Options: SAMEORIGIN to the page loaded in the iframe, it still gives this error. Could you please suggest on how to solve this issues, what would I be missing? Thanks in Advance! Shibu.

All Replies (2)

more options

Hi Shibu, does your server send any Content-Security-Policy headers? This overrrides X-Frame-Options if both are sent:

https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

Otherwise, perhaps there is a more subtle mismatch in the protocol, host name, or port.

more options