Website iframe not loading (x-frame-options)
The problem is the x-frame-options setting on the tracked site. That setting specifically disallows your website to be displayed inside an iframe on external domains.
The error message often is "site could not be displayed in a frame because it set 'X-Frame-Options' to 'sameorigin'. " or "Refused to display 'https://xxx.com' in a frame because it set 'X-Frame-Options' to 'sameorigin".
Solution A: Set the correct HTTP headers
Best way is to add the correct headers to the tracked site. Those headers will allow only the UXWizz dashboard domain to load your website in an iframe.
If you are using Apache, add this to .htaccess:
Header always set X-Frame-Options "SAMEORIGIN"
Header set Content-Security-Policy "frame-ancestors 'self' your-uxwizz.com;"
If you are using Nginx, add this line to your site's configuration:
add_header Content-Security-Policy "default-src 'self'; frame-ancestors 'self' your-uxwizz.com;";
If you are using IIS, add this in web.config or in IIS:
<add name="Content-Security-Policy" value="upgrade-insecure-requests; base-uri 'self'; frame-ancestors 'self' https://www.your-uxwizz.com; form-action 'self'; object-src 'none';"/>
Header always set Cross-Origin-Resource-Policy "cross-origin"
add_header Cross-Origin-Resource-Policy "cross-origin"
Solution B: Disable the browser security policy (Not recommended)
Another, easier solution is to use a browser extension to display this security policy:
You can learn more about X-Frame-Options and Content-Security-Policy here: