X-Frame-Options

HTTP response header

X-Frame-Options is an obsolete header that instructs the browser whether to allow rendering a page within a frame or iframe. The header is used to enable clickjacking protection.

Header usage statistics

X-Frame-Options response header information and usage statistics.

Websites using header X-Frame-Options: 9,889,452
Percentage of websites that use X-Frame-Options header: 9.80%
Total discovered header values: More than 10,000
Header uses directives: Yes
Header values are unique or random: No
Most popular in the country: US

X-Frame-Options directives (3 total)

  • allow-from
  • deny
  • sameorigin

X-Frame-Options Directives

X-Frame-Options directives value information and usage statistics

Directive | Share | Websites count | Unique Values
sameorigin | 79.00% | 7,812,474 | 2
deny | 19.59% | 1,937,092 | 1
allow-from | <0.1% | 1,966 | 31

Connected technologies

Technologies that utilize the header

Kajabi, category Ecommerce, total 19,621 websites
Contentful, category Content Management System, total 14,674 websites

Distribution by websites popularity

X-Frame-Options detection in the top websites by popularity

Top 10k sites: 4,351 websites
Top 100k sites: 35,754 websites
Top 1m sites: 280,893 websites

Common header values

List of top common X-Frame-Options header values

Header value | Value prevalence
SAMEORIGIN | 77.81%
DENY | 19.26%
ALLOWALL | 0.89%
SAMEORIGIN, SAMEORIGIN | 0.23%
GOFORIT | 0.21%
ALLOW-FROM https://my.bigcartel.com | 0.14%
ALLOW-FROM https://app.kajabi.com | 0.13%
ALLOW | 0.12%
allow-from https://engine.prosites.com/ | 0.08%
ALLOW-FROM https://dashboard.pixieset.com | 0.06%
ALLOW-FROM https://www.lodgify.com/ | 0.04%
* | 0.04%
SAMEORIGIN, SAMEORIGIN, SAMEORIGIN, SAMEORIGIN | 0.04%
ALLOW-FROM * | 0.03%
SAMEORIGIN,SAMEORIGIN | 0.03%
Allow-From https://my.livechatinc.com/ | 0.02%
SAMEORIGIN; | 0.02%
ALLOW-FROM *.dataoke.com | 0.01%
SAME-ORIGIN | 0.01%
ALLOW=SAMEORIGIN, ALLOW=chat.visitor.chat | 0.01%