X-Frame-Options - Cloudflare - Can't open the website

I have a problem with my site ** tiger-green.fr ** which uses Cloudflare.

Call the site without www from firefox, it is displayed.
(Sometimes, but not always, I sometimes have error 521 cloudflare, it seems to be another problem.)

When I use “Firefox Developper”, or, “Brave Browser”, or “Edge” I cannot access the site: “** tiger-green.fr **”

Blocked by X-Frame-Options policy
An error occurred during a connection to [www.tiger-green.fr.]
Firefox Developer Edition prevented this page from loading in this context because the page’s X-Frame-Options policy does not allow it. )

However, Facebook manages to display it, but also Firefox + Tor Browser + Chromium + Android are OK.

When I test in Edge, tiger-green.fr does not appear, the error message is as follows: cannot be displayed in a frame (but which frame?) Whereas if I put [www.tiger- green.fr] the site is displayed immediately!

The link to my VirtualHost:
https://wiki.visionduweb.fr/index.php?title=VirtualHosts_des_domaines_enregistrés#tiger-green.fr_.C3.A9coute_du_port_SSL_443

X-Frame-Options policy is necessary for security reasons.
I do not understand.

An idea ?


J’ai un problème avec mon site tiger-green.fr qui utilise Cloudflare.

Appeler le site sans www depuis firefox, ça s’affiche.
( Parfois, mais, pas toujours, j’ai parfois erreur 521 cloudflare, ça semble être un autre problème. )

Quand j’utilise “Firefox Developper”, ou, “Brave Browser”, ou “Edge” je n’arrive PAS à accéder au site : “tiger-green.fr

Bloqué par la politique X-Frame-Options
Une erreur est survenue pendant une connexion à [www.tiger-green.fr.]
Firefox Developer Edition a empêché le chargement de cette page dans ce contexte car la politique X-Frame-Options de la page ne l’autorise pas. )

Pourtant, Facebook arrive à l’afficher mais aussi Firefox + Tor Browser + Chromium + Android sont OK.

Quand je test sous Edge, tiger-green.fr ne s’affiche pas, le message d’erreur est le suivant : ne peut pas être affiché dans un cadre ( mais quel cadre ? ) alors que si je met [www.tiger-green.fr] le site s’affiche immédiatement !

Le lien vers mon VirtualHost :
https://wiki.visionduweb.fr/index.php?title=VirtualHosts_des_domaines_enregistrés#tiger-green.fr_.C3.A9coute_du_port_SSL_443

La politique de X-Frame-Options est nécessaire pour des raisons de sécurité.
Je ne comprend pas.

Une idée ?

It looks like you’re working on the headers. Is it working now?

With Tor Browser, and Firefox perfect.

With Firefox Developper, Chromium, Brave Browser, Edge, i can’t connect to my website tiger-green.fr and to be redirect to https://www.tiger-green.fr

I have the same error message, blocked by policy X origin

Now, i have add http://tiger-green.fr in the CSP.
The, i can use the website in http:// but i can’t have the redirection auto to https://
This method is really not good, what can i do !??

If i add www. in the url from the browser then i can use the site with https://www

I want, if i write tiger-green.fr, the redirection give https://www.tiger-green.fr

HSTS is safe, then, i don’t know for solved this configuration.
https://hstspreload.org/?domain=tiger-green.fr

Test headers : https://securityheaders.com/?q=tiger-green.fr

My VHost : https://paste.debian.net/1135515/

This topic was automatically closed after 30 days. New replies are no longer allowed.