How to Configure Frames With X-Frame-Options Header

The X-Frame-Options header is an HTTP response header that tells a browser whether it may render a page inside elements such as “frame,” “iframe,” and “embed.” This header is essential to prevent clickjacking attacks.

By controlling where framing is permitted, website owners can prevent their content from being embedded on other sites. However, the header only works in web browsers that recognize and support X-Frame-Options.

Most popular web browsers today support the X-Frame-Options header. They include:

  • Google Chrome
  • Mozilla Firefox
  • Internet Explorer
  • Microsoft Edge
  • Safari
  • Opera

When to Configure the X-Frame-Options Header

On occasion, some frame content may not load in some browsers. This failure to load will result in an (often) glaringly blank space on the web page. If this situation occurs, you may need to configure the X-Frame-Options header.

You can also check for this error by loading the developer console or developer tools in your browser. The console should highlight X-Frame-Options header errors with messages such as:

Refused to display 'https://thewebsite.com/' in a frame because it set 'X-Frame-Options' to 'sameorigin'.

How to Configure the X-Frame-Options Header

Most hosting accounts will set the default X-Frame-Options header as “sameorigin.” This setting should work fine if that is your intention. If you want to share content on various websites, then the X-Frame-Options header must be disabled. 

To disable the header:

  • Step 1. Log into the SPanel account for your website.
  • Step 2. Click on “File Manager” in the “Files” section, then navigate to your public_html directory.
  • Step 3. Click the “.htaccess” file and select “Edit” to open it.
  • Step 4. Add the following instruction to the .htaccess file, then save the file when exiting.

# X-Frame-Options
# Sends "X-Frame-Options: SAMEORIGIN": only pages on the same origin may frame this site.
<IfModule mod_headers.c>
Header set X-Frame-Options "SAMEORIGIN"
</IfModule>
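
What a given X-Frame-Options value means for a page that tries to frame your site, as an added example that is not part of the original article: a simplified JavaScript model of the browser's decision, assuming a single embedding page and no Content-Security-Policy header in the response. The function name `framingDecision` and the origin `https://other.example` are made up for illustration.

```javascript
// Added example (not from the original article): simplified model of how a
// browser evaluates X-Frame-Options. Names and origins here are constructed.

const RECOGNIZED = ["deny", "sameorigin", "allowall"];

// headerValues: one string per X-Frame-Options line in the response.
// pageOrigin: the framed page; embedderOrigin: the page containing the frame.
function framingDecision(headerValues, pageOrigin, embedderOrigin) {
  // Split comma-separated values, trim, lowercase and de-duplicate them.
  const tokens = new Set(
    headerValues
      .flatMap((v) => v.split(","))
      .map((t) => t.trim().toLowerCase())
      .filter((t) => t.length > 0)
  );
  if (tokens.size === 0) {
    return { allowed: true, reason: "header absent: any site may frame the page" };
  }
  if (tokens.size > 1) {
    // Several different values: refuse if any is recognized, else ignore all.
    return [...tokens].some((t) => RECOGNIZED.includes(t))
      ? { allowed: false, reason: "conflicting values: framing refused" }
      : { allowed: true, reason: "no recognized value: header ignored" };
  }
  const [value] = tokens;
  if (value === "deny") {
    return { allowed: false, reason: "deny: framing refused for every site" };
  }
  if (value === "sameorigin") {
    const same = new URL(pageOrigin).origin === new URL(embedderOrigin).origin;
    return same
      ? { allowed: true, reason: "sameorigin: embedder shares the page's origin" }
      : { allowed: false, reason: "sameorigin: embedder is a different origin" };
  }
  return { allowed: true, reason: `"${value}" does not restrict framing` };
}

// Constructed cases: the page on thewebsite.com framed by itself and by another site.
const page = "https://thewebsite.com/";
const cases = [
  [["SAMEORIGIN"], page],
  [["SAMEORIGIN"], "https://other.example/"],
  [["\u201cSAMEORIGIN\u201d"], "https://other.example/"], // typographic quotes sent literally
  [[], "https://other.example/"],
];
for (const [values, embedder] of cases) {
  console.log(JSON.stringify(values), embedder, framingDecision(values, page, embedder));
}
```

The third case shows why the value in .htaccess must use plain ASCII quotes: a value that reaches the browser wrapped in typographic quotes is not a recognized token, so the page is left without framing protection.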

Understanding Clickjacking

While frames are helpful to optimize performance in content display, they can also be abused by attackers. These attacks use frames to trick visitors into clicking specific elements such as buttons or links.

The term “clickjacking” originates from this: the hijacking of what should be regular website content and the diversion of visitor actions elsewhere. Clickjacking is bad for site owners and visitors. The former lose potential clicks and may suffer reputational damage.

Consequences for site visitors can range from mild (annoyance at diversion) to severe (diversion towards harmful content such as malware).

Rado
Author

Working in the web hosting industry for over 13 years, Rado has inevitably got some insight into the industry. A digital marketer by education, Rado is always putting himself in the client's shoes, trying to see what's best for THEM first. A man of the fine detail, you can often find him spending 10+ minutes wondering over a missing comma or slightly skewed design.