Tests the 'X-Frame-Options' header which prevents sites from being displayed inside an iframe.

This test will look for the presence of the 'X-Frame-Options' header and make sure it has a value of either SAMEORIGIN or DENY. If the header is missing or has a different value, a warning will be displayed.

This HTTP response header is used to prevent the page from being loaded inside of an iframe. A server can use this to protect against certain attacks and to prevent their content from being embedded in other websites.

For more information, please read our documentation of the X-Frame-Option Header or read our in-depth article about Security Headers.

Ready to validate your website for this test and 100+ others?