Reputation: 1894
Ignore X-frame-header using javascript
I would like to ignore X-frame header on my website so that iframe can load external websites. There are chrome extension like this one which works perfectly. How can I implement same concept through javascript?
Upvotes: 1
Views: 3645
Answers (1)
Reputation: 88388
You can’t use frontend JavaScript code running in a browser to cause the X-Frame-Options response header to be ignored. X-Frame-Options is a security feature designed in part as a defense against clickjacking attacks. If any site could just use some JavaScript code to cause browsers to ignore X-Frame-Options, that would pretty much make it completely useless.
That’s the reason why the only way you can cause it to be ignored in your own browser is by intentionally opting-in to insecure browsing by installing an extension as mentioned in the question.
But you can’t use JavaScript to force insecure browsing on other users by bypassing security features like X-Frame-Options that browsers have built-in support for.
Upvotes: 5
Related Questions
- How can I set 'X-Frame-Options' on an iframe?
- Detect X-Frame-Options
- I need to remove or ignore the X-Frame-Options header. Should I use a proxy?
- How to suppress X-Frame-Options SAMEORIGIN response header?
- Can I apply X-Frame-Options header and people still use <iframe> with my website
- Refused to display in a frame , because it set 'X-Frame-Options' to 'SAMEORIGIN'
- Multiple 'X-Frame-Options' headers with conflicting values
- Workaround for X-Frame-Options:deny or sameorgin?
- Refused to display a website in a frame because of its 'X-Frame-Options'
- Prevent browser from loading a custom frameset in an iframe's document