All Collections
X Frame options in headers explained
X Frame options in headers explained

Some website url links are not able to be embedded, something PageProof requires to allow reviewers to see the url proof.

Gemma avatar
Written by Gemma
Updated over a week ago

If you create a proof from a url link and are presented with a message saying website owner doesn’t allow the site to be embedded, this means the website owner has added a parameter into the header of the website called X-Frame-Options and has specifically said the website can not be used by another website.

It’s a quick and easy edit to make to ensure your website can be reviewed and approved by your reviewers:

X-Frame options

Option 1

Remove the X-Frame-Options header from the website. You may need to ask your web designer/developer to do this if you don’t know how.

Option 2 – recommended

If you don’t want to remove the X-Frame-Options header from your website, you can set that the X-Frame-Options header only shows up for sites other than and * (this is recommended and requires just a little set-up).

Option 3

If your site sets frame-ancestors in the site header in regards to the site’s Content-Security-Policy setting, add * and to the list of frame-ancestors.

Once the proof is approved, any changes to the header that were made can be reverted.

If you have any questions, simply reach out to one of the PageProof team using the in-app chat.

Did this answer your question?