X-Frame-Options

HTTP response header

X-Frame-Options is an obsolete header to instruct the browser to allow rendering a page within a frame or iframe. The header is used to enable the Clickjacking protection.

Header usage statistics

X-Frame-Options response header information and usage statistics.

Websites using header X-Frame-Options 9,648,730
Percentage of websites that use X-Frame-Options header 9.74%
Total discovered header values 10,001
Header uses directives Yes
Header values are unique or random No
Most popular in the country United States of America

X-Frame-Options Directives (3 total)

  • allow-from
  • deny
  • sameorigin

X-Frame-Options Directives

X-Frame-Options directives value information and usage statistics

Directive Share Websites count Unique Values
sameorigin 78.39% 7,563,212 3
deny 19.98% 1,928,219 1
allow-from <0.1% 1,862 79

Connected technologies

Technologies that utilize the header

Kajabi, category Ecommerce, total 17,936 websites
Contentful, category Content Management System, total 13,705 websites

Distribution by websites popularity

X-Frame-Options detection in the top websites by popularity

Top 10k sites 4,335 websites
Top 100k sites 34,901 websites
Top 1m sites 269,216 websites

Websites utilizing X-Frame-Options

List of websites that use X-Frame-Options header

Domain Country Rank Contacts
www.facebook.com Ireland 2
google.com United States of America 3
www.google.com United States of America 3
wordpress.org United States of America 4
s.w.org United States of America 5
youtube.com United States of America 6
See full domain list
Flat price per the report, subscription is not required.

Geographical Distribution

Header usage distribution by websites across the globe.






Common header values

List of top common X-Frame-Options header values

Header value Value prevalence
SAMEORIGIN 77.80%
DENY 19.10%
ALLOWALL 1.05%
SAMEORIGIN, SAMEORIGIN 0.25%
GOFORIT 0.23%
ALLOW-FROM https://my.bigcartel.com 0.14%
ALLOW-FROM https://app.kajabi.com 0.13%
ALLOW 0.11%
allow-from https://engine.prosites.com/ 0.08%
ALLOW-FROM https://www.lodgify.com/ 0.04%
SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN 0.04%
ALLOW-FROM dashboard.pixieset.com 0.04%
* 0.04%
SAMEORIGIN,SAMEORIGIN 0.02%
sameorigin allow-from www.facebook.com 0.02%
Allow-From https://my.livechatinc.com/ 0.02%
ALLOW-FROM https://secure.simplepart.com 0.02%
ALLOW-FROM *.dataoke.com 0.02%
ALLOW-FROM * 0.02%
SAMEORIGIN; 0.02%