function readOnly(count){ }
Starting November 20, the site will be set to read-only. On December 4, 2023,
forum discussions will move to the Trailblazer Community.
+ Start a Discussion
Paul MannPaul Mann 

iFrame Issue

I'm working on a sites page and just got the italicized message below from our web developers. I've had SFDC disable clickjack protections but it didn't work; should I ask them to allow a higher trust setting? Any other advice? Thanks!

The "X-Frame-Options" header needs to be set on the page being embedded in the iFrame (not the calling/parent page), which would be the page being delivered from the "" domain.

"X-Frame-Options" is used on pages to control if, and when, a page can be displayed in an iFrame.  Currently, the page coming from "" has this set to "SAMEORIGIN", which is why this is not working.  Whoever is responsible for "" will need to remove the "X-Frame-Options" header completely.  The "ALLOW-FROM" option is not fully supported across all browsers, so it is not recommended to use that method.

You will need to contact "" about this matter as there is nothing we can do on our end to have this work.  If "" cannot do this, then the only other option you have is to provide a link on that page that points to the URL you are trying to embed in the iFrame.
When you write "I've had SFDC disable clickjack protections" - where are you talking about?

If you go to the Site settings - Setup > Develop > Sites > [your site name] -- what is shown for Clickjack Protection Level there? If you edit the site and set that to "Allow framing by any page (no protection)" does that allow your iframed Sites page to work? 
Missy LongshoreMissy Longshore
Yes, it works!!! Thank you Thomas, you're the best!!!