Issue: “Refused to display in a frame because it set ‘X-Frame-Options’ to ‘SAMEORIGIN’”

You may encounter this issue if you installed our snippet with the “Cross-Domain tracking” option, which requires hosting a static resource (an iFrame) on your main domain.

This iFrame will be loaded whenever, during the visitor’s journey, the page URL does not match the main domain of your website.

The iFrame HTML file is static and contains only immutable code used to save and restore visitor data in the Local Storage.

To learn more, you can read this documentation.

How to fix this issue?

The X-Frame-Options HTTP response header can be used to indicate whether or not a browser should be allowed to render a page in a <frame>, <iframe>, <embed> or <object>. Sites can use this to avoid click-jacking attacks, by ensuring that their content is not embedded into other sites.

For more details, see the Mozilla developer documentation.

To enable cross-domain tracking, the Kameleoon iFrame must load on all your domains, so you must not set an X-Frame-Options response header.

Please also note that you can secure the iFrame by providing a restricted list of domains (e.g., your own domains and subdomains) that are able to call the iFrame. This list must be provided inside the static iFrame file that will be hosted on your side.
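The following check is an added example, not Kameleoon code. It models how a browser applies X-Frame-Options and audits a configuration in which the header is dropped only on the iFrame file and kept on every other page. That scoping, the file path `/kameleoon-iframe.html` and all domains are assumptions made for illustration.

```python
from urllib.parse import urlsplit

def origin(url):
    """(scheme, host, port) of a URL, with default ports filled in."""
    p = urlsplit(url)
    return (p.scheme, p.hostname, p.port or {"http": 80, "https": 443}.get(p.scheme))

def xfo_allows_framing(headers, resource_url, embedder_url):
    """Simplified model of the browser's X-Frame-Options check for a
    resource framed directly by a top-level page."""
    values = {token.strip().lower()
              for name, value in headers if name.lower() == "x-frame-options"
              for token in value.split(",") if token.strip()}
    if len(values) > 1 and values & {"deny", "sameorigin"}:
        return False   # conflicting values are treated as a block
    if "deny" in values:
        return False
    if "sameorigin" in values:
        return origin(resource_url) == origin(embedder_url)
    return True        # header absent or value not recognised

def audit(iframe_url, iframe_headers, page_url, page_headers, tracked_pages, foreign_page):
    """Return findings: the iFrame must load on every tracked domain,
    while ordinary pages must stay unframeable from unrelated origins."""
    findings = []
    for embedder in tracked_pages:
        if not xfo_allows_framing(iframe_headers, iframe_url, embedder):
            findings.append(f"iframe blocked on {embedder}")
    if xfo_allows_framing(page_headers, page_url, foreign_page):
        findings.append(f"{page_url} can be framed by {foreign_page}")
    return findings

# Constructed sample data (hypothetical path and domains).
IFRAME_URL = "https://www.example.com/kameleoon-iframe.html"
PAGE_URL = "https://www.example.com/account"
TRACKED = ["https://www.example.com/", "https://shop.example.net/cart"]
FOREIGN = "https://unrelated.example.org/"
SAMEORIGIN = [("X-Frame-Options", "SAMEORIGIN")]
NO_HEADER = []

if __name__ == "__main__":
    for label, iframe_h, page_h in [
        ("header on every response", SAMEORIGIN, SAMEORIGIN),
        ("header dropped on the iFrame file only", NO_HEADER, SAMEORIGIN),
        ("header dropped site-wide", NO_HEADER, NO_HEADER),
    ]:
        print(label, "->", audit(IFRAME_URL, iframe_h, PAGE_URL, page_h, TRACKED, FOREIGN) or "ok")
```

Only the second configuration returns no findings: the first reproduces the error in the title on the secondary domain, and the third leaves ordinary pages open to framing by other sites.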