Skip to main content

How to Make iframes Work

Updated today

All sites hosted at Seravo has headers by default that prevents iframes on other sites.

Same-origin policy is a browser security feature that prevents unauthorized document and script use from one origin to another. All sites hosted at Seravo has X-Frame-Options: SAMEORIGIN header by default. It basically means that you can set up iframe only from the same origin (domain). That way another sites cannot steal your content by using for example iframe tags.

Allowing iframes

But headers can be modified if needed. If you want to give permission to another site to use iframe tag from your content, you can set up headers like this:

Old Browsers:
​X-Frame-Options: ALLOWALL
​
​Modern Browsers:
​Content-Security-Policy: frame-ancestors https://example.com

We recommend editing and setting the header info with PHP code or with suitable WordPress plugin.

Read more from our developer documentation.

Did this answer your question?