X-Frame-Options

HTTP response header

X-Frame-Options is an obsolete header to instruct the browser to allow rendering a page within a frame or iframe. The header is used to enable the Clickjacking protection.

Header usage statistics

X-Frame-Options response header information and usage statistics.

Websites using header X-Frame-Options 1,688,179
Percentage of websites that use X-Frame-Options header 14.77%
Total discovered header values 4,648
Header uses directives Yes
Header values are unique or random No
Most popular in the country United States of America

X-Frame-Options Directives (3 total)

  • allow-from
  • deny
  • sameorigin

X-Frame-Options Directives

X-Frame-Options directives value information and usage statistics

Directive Share Websites count Unique Values
sameorigin 61.72% 1,041,956 4
deny 7.55% 127,444 1
allow-from <0.1% 155 53

Distribution by websites popularity

X-Frame-Options detection in the top websites by popularity

Top 10k sites 4,156 websites
Top 100k sites 19,855 websites
Top 1m sites 169,745 websites

Websites utilizing X-Frame-Options

List of websites that use X-Frame-Options header

Domain Country Rank Contacts
twitter.com United States of America 3
google.com United States of America 5
www.google.com United States of America 5
s.w.org United States of America 6
www.youtube.com United States of America 14,442
www.facebook.com United States of America 22,750
See full domain list

Geographical Distribution

Header usage distribution by websites across the globe.






Common header values

List of top common X-Frame-Options header values

Header value Value prevalence
SAMEORIGIN 82.53%
DENY 15.33%
ALLOWALL 0.68%
SAMEORIGIN, SAMEORIGIN 0.41%
GOFORIT 0.14%
ALLOW-FROM https://app.kajabi.com 0.07%
ALLOW 0.04%
* 0.02%
SAMEORIGIN,SAMEORIGIN 0.02%
allow-from * 0.01%
ALLOW-FROM https://my.cratejoy.com 0.01%
DENY, sameorigin 0.01%
allow-all 0.01%
ALLOW-FROM dashboard.pixieset.com 0.01%
SAMEORIGIN, SAMEORIGIN, SAMEORIGIN 0.01%
SAME-ORIGIN 0.01%
ALLOW-FROM https://www.lodgify.com/ 0.01%
SAMEORIGIN, ALLOW-FROM *.cas.cn 0.01%
https://visitingmedia.com 0.01%
ALLOW-FROM https://app.journoportfolio.com 0.01%