UXWizz
WebsitePricingDemoTwitter (X)
  • Introduction
  • 🛠️ Installation
    • Requirements
      • Limitations
      • Server specs (CPU, RAM)
    • Installation guide
      • Uploading the script
      • Creating a MySQL database
      • Running the installer
    • Install on a new server
      • Ubuntu 20.04 (or higher)
      • DigitalOcean
    • Docker
      • Via Docker Compose
      • Standalone Docker image
    • Adding the tracking code
      • Automatic SPA pageview tracking
      • Add tracker to Next.js App
      • Add tracker to React Router App
    • Optimization tips
      • MySQL/MariaDB
      • Auto-delete old data (cron jobs)
      • Apache
    • Frequently Asked Questions
  • 🔧JavaScript API
    • Tags
    • Events
    • Hooks/callbacks
    • Other API functions
    • Session Recording
      • Ignore specific elements
  • 📖Guides and features
    • Goals (NEW!)
    • Ask AI (NEW!)
    • Basic usage
    • A/B testing
    • Usage tips
    • Dashboard user access level
    • Resetting the admin password
    • Database querying
    • Technical details
      • IP Geolocation
    • Troubleshooting
      • Agency
        • MultiDB
      • Dashboard
        • Refreshing dashboard sub-page leads to 404 error
        • Website iframe not loading (x-frame-options)
        • License says "invalid"
        • Updating Fails
      • Tracking
        • No data is being recorded
        • Can't include tracker via Google Tag Manager
        • The A/B test JS file is missing
      • WordPress
        • Cloudways 403 Forbidden screen on WordPress
        • NGINX 403 Forbidden screen on WordPress
    • Extending the dashboard
    • Support
    • Migrating to a new server
  • 🎓Useful Examples
    • Feedback form (polls)
    • Tracking 404 Pages
    • Tracking UTM parameters
    • Tracking Google Ads GCLID
    • Storing user device types
    • Track video playback
  • 📜About
    • Changelog
    • Personal Data Information
    • Privacy Policy (uxwizz.com)
    • Licenses and pricing
    • [Deprecated] License Subscriptions
Powered by GitBook
On this page

Was this helpful?

Last updated 1 year ago

Was this helpful?

Problem:

The website does not load when trying to view session recordings or heatmaps.

Cause:

The problem is the x-frame-options setting on the tracked site. That setting specifically disallows your website to be displayed inside an iframe on external domains.

The error message often is "site could not be displayed in a frame because it set 'X-Frame-Options' to 'sameorigin'. " or "Refused to display 'https://xxx.com' in a frame because it set 'X-Frame-Options' to 'sameorigin".

Solutions:

Allow the UXWizz dashboard domain to load your website inside an iframe.

Solution A: Set the correct HTTP headers

Best way is to add the correct headers to the tracked site. Those headers will allow only the UXWizz dashboard domain to load your website in an iframe.

Apache:

If you are using Apache, add this to .htaccess:

If the headers are not being set make sure AllowOverride is set to All in httpd.conf

Remember to replace (in the Headers above) your-uxwizz.com with the actual domain where you host your dashboard.

Nginx:

If you are using Nginx, add this line to your site's configuration:

Remember to replace (in the Headers above) your-uxwizz.com with the actual domain where you host your dashboard.

IIS (.NET):

If you are using IIS, add this in web.config or in IIS:

Remember to replace https://www.your-uxwizz.com with the actual domain where you host your dashboard.

Still not working?

Solution B: Disable the browser security policy (Not recommended)

Another, easier solution is to use a browser extension to disable this security policy:

Useful resources:

You can learn more about X-Frame-Options and Content-Security-Policy here:

If the iframe still can't be loaded, try adding this too:

Google Chrome:

Firefox:

<IfModule mod_headers.c>
  Header always set X-Frame-Options "SAMEORIGIN"
  Header set Content-Security-Policy "frame-ancestors 'self' your-uxwizz.com;"
</IfModule>
add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'self' your-uxwizz.com;";
<add name="Content-Security-Policy" value="upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self' https://www.your-uxwizz.com; form-action 'self'; object-src 'none';"/>
# Apache
Header always set Cross-Origin-Resource-Policy "cross-origin"

# Nginx
add_header Cross-Origin-Resource-Policy "cross-origin"
  1. 📖Guides and features
  2. Troubleshooting
  3. Dashboard

Website iframe not loading (x-frame-options)

PreviousRefreshing dashboard sub-page leads to 404 errorNextLicense says "invalid"
  • Problem:
  • Cause:
  • Solutions:
  • Apache:
  • Nginx:
  • IIS (.NET):
  • Still not working?
  • Useful resources:
CORP header
https://chrome.google.com/webstore/detail/ignore-x-frame-headers/gleekbfjekiniecknbkamfmkohkpodhe
https://addons.mozilla.org/en-US/firefox/addon/ignore-x-frame-options-header/
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors
https://content-security-policy.com/examples/