X-Frame-Options

HTTP response header

X-Frame-Options is an obsolete header to instruct the browser to allow rendering a page within a frame or iframe. The header is used to enable the Clickjacking protection.

Header usage statistics

X-Frame-Options response header information and usage statistics.

Websites using header X-Frame-Options 5,127,146
Percentage of websites that use X-Frame-Options header 9.56%
Total discovered header values 9,552
Header uses directives Yes
Header values are unique or random No
Most popular in the country United States of America

X-Frame-Options Directives (3 total)

  • allow-from
  • deny
  • sameorigin

X-Frame-Options Directives

X-Frame-Options directives value information and usage statistics

Directive Share Websites count Unique Values
sameorigin 28.42% 1,457,013 2
deny 5.98% 306,363 1
allow-from <0.1% 300 28

Connected technologies

Technologies that utilize the header

Contentful, category Content Management System, total 7,408 websites
Kajabi, category Ecommerce, total 5,642 websites

Distribution by websites popularity

X-Frame-Options detection in the top websites by popularity

Top 10k sites 4,424 websites
Top 100k sites 20,854 websites
Top 1m sites 178,531 websites

Websites utilizing X-Frame-Options

List of websites that use X-Frame-Options header

Domain Country Rank Contacts
www.facebook.com United States of America 2
twitter.com United States of America 3
youtube.com United States of America 4
www.youtube.com United States of America 4
google.com United States of America 5
www.google.com United States of America 5
See full domain list
Flat price per the report, subscription is not required.

Geographical Distribution

Header usage distribution by websites across the globe.






Common header values

List of top common X-Frame-Options header values

Header value Value prevalence
SAMEORIGIN 80.35%
DENY 17.04%
ALLOWALL 0.81%
SAMEORIGIN, SAMEORIGIN 0.33%
GOFORIT 0.26%
ALLOW-FROM https://app.kajabi.com 0.11%
allow-from https://engine.prosites.com/ 0.07%
ALLOW 0.06%
SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN 0.06%
ALLOW-FROM https://www.lodgify.com/ 0.04%
* 0.04%
SAMEORIGIN,SAMEORIGIN 0.03%
sameorigin allow-from www.facebook.com 0.02%
Allow-From https://my.livechatinc.com/ 0.02%
ALLOW-FROM https://www.facebook.com/ https://oauth.securevetsource.com/ https://accounts.google.com/ https://accounts.google.co.in/ 0.02%
ALLOW=SAMEORIGIN, ALLOW=chat.visitor.chat 0.02%
SAME-ORIGIN 0.01%
ALLOW-FROM * 0.01%
SAMEORIGIN; 0.01%
DENY, SAMEORIGIN 0.01%