X-Frames are set to deny

October 14, 2019 139 views
Apache

Hi,

I am facing issue of “Refused to display ’https://website.name’ in a frame because it set ‘X-Frame-Options’ to 'deny’.”

Due to this I am unable to load the content into my website.

Any help would be highly appreciated.

3 Answers

Hi @devsharma871,

You can add to .htaccess, httpd.conf or VirtualHost section

Header set X-Frame-Options SAMEORIGIN

this option should help you fix the problem.

Regards,
KDSys

  • Thank you. Can you please let me know about the files location? I am unable to locate the files.

  • Also, when I add the code to .htaccess file, it throws the error of “Deny and Sameorigin - falling back to deny”.

    I have also changed in the ssl-params.conf but nothing seems to be changed.

Also, changing apache2.conf doesn’t change anything at frontend.

http://prntscr.com/pj7gby

Do I need to restart the server as well? If yes, can you please let me know how can I do that ? Also, restarting the server can down my website? if it will then how can I recover that as well?

Please suggest.

  • Hi @devsharma871,

    Adding it to your domain’s virtual host should do the trick. Usually, you can find your virtual host at the following place

    /etc/httpd/
    

    Having said that, you’ll need to restart Apache in order for the changes to take effect.

    To test if your configuration is okay, you can do the following

    apachectl -t
    

    A little more information, this should be added in the VirtualHost block for the Domain in order to do the trick.

Have another answer? Share your knowledge.