Website cannot be loaded in iframe because of 'X-Frame-Options'

One of our websites (demo.nopcommerce.com) works just fine.

But when I reference it in “iframe” from some other website (other subdomain of the same website) and try to open, then sometimes it works fine, but sometimes I’m getting the following error - “Refused to display ‘hyperlink to website’ in a frame because it set ‘X-Frame-Options’ to ‘sameorigin’.”

Please note that it happens only sometimes. We also explicitly return “sameorigin” value from our website as described - https://stackoverflow.com/questions/16484293/adding-x-frame-options-header-to-all-pages-in-mvc-4-application/22105445#22105445

I presume that it’s somehow related to CloudFlare. Does CloudFlare change ‘X-Frame-Options’ value? Can it be configured somewhere in CloudFlare?

I’ve never seen Cloudflare interfere with X-Frame-Options, and I use iframe internally, and externally, and I set my own X-Frame-Options headers. Start digging around for places where those sites set this header.

This topic was automatically closed after 14 days. New replies are no longer allowed.