x-frame-options

HTTP response header

X-Frame-Options is an obsolete header to instruct the browser to allow rendering a page within a frame or iframe. The header is used to enable the Clickjacking protection.

Header usage statistics

x-frame-options response header information and usage statistics.

Websites using header x-frame-options 1,774,347
Percentage of websites that use x-frame-options header 16.54%
Total discovered header values 4,786
Header uses directives Yes
Header values are unique or random No
Most popular in the country United States of America

x-frame-options Directives (3 total)

  • allow-from
  • deny
  • sameorigin

x-frame-options Directives

x-frame-options directives value information and usage statistics

Directive Share Websites count Unique Values
sameorigin 75.32% 1,336,391 6
deny 13.69% 242,904 1
allow-from <0.1% 253 79

Connected technologies

Technologies that utilize the header

Contentful, category Content Management System, total 3,276 websites

Distribution by websites popularity

x-frame-options detection in the top websites by popularity

Top 10k sites 4,418 websites
Top 100k sites 20,961 websites
Top 1m sites 180,888 websites

Websites utilizing x-frame-options

List of websites that use x-frame-options header

Domain Country Rank Contacts
www.facebook.com Ireland 2
twitter.com United States of America 3
youtube.com United States of America 4
www.youtube.com United States of America 4
google.com United States of America 5
www.google.com United States of America 5
See full domain list
Flat price per report, subscription is not required.

Geographical Distribution

Header usage distribution by websites across the globe.






Common header values

List of top common x-frame-options header values

Header value Value prevalence
SAMEORIGIN 83.26%
DENY 14.85%
ALLOWALL 0.54%
SAMEORIGIN, SAMEORIGIN 0.28%
GOFORIT 0.13%
ALLOW-FROM https://app.kajabi.com 0.08%
ALLOW 0.04%
* 0.02%
SAMEORIGIN,SAMEORIGIN 0.02%
: sameorigin 0.02%
ALLOW-FROM * 0.02%
SAMEORIGIN; ALLOW-FROM 'studio.auswaertiges-amt.de'; ALLOW-FROM 'www.auswaertiges-amt.de'; 0.02%
SAMEORIGIN, ALLOW-FROM *.cas.cn 0.01%
DENY, SAMEORIGIN 0.01%
SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN 0.01%
ALLOW-FROM https://my.cratejoy.com 0.01%
SAME-ORIGIN 0.01%
allow-from https://engine.prosites.com/ 0.01%
SAMEORIGIN, SAMEORIGIN, SAMEORIGIN 0.01%
ALLOW-FROM https://www.lodgify.com/ 0.01%