X-Frame-Options HTTP header

  • Spec: Other
  • Usage: 12.05% + 83.04% = 95.09%

An HTTP header which indicates whether the browser should allow the webpage to be displayed in a frame within another webpage. Used as a defense against clickjacking attacks.

IE Edge Firefox Chrome Safari Opera iOS Safari Opera Mini Android Browser Blackberry Browser Opera Mobile Chrome for Android Firefox for Android IE Mobile UC Browser for Android Samsung Internet QQ Browser Baidu Browser
49
56 9.3 4.4
14 52 57 10 10.0-10.2 4.4.3-4.4.4 4
11 15 53 58 10.1 44 10.3 all 56 10 37 57 52 11 11.4 5 1.2 7.12
54 59 TP 45
55 60 46
56 61

Notes

Partial support refers to not supporting the ALLOW-FROM option. The X-Frame-Options header has been obsoleted by the frame-ancestors directive from Content Security Policy Level 2.

Links