Copied to clipboard

Flag this post as spam?

This post will be reported to the moderators as potential spam to be looked at


  • dale ong 1 post 71 karma points
    May 03, 2018 @ 11:05
    dale ong
    0

    How to show my site in a frame

    Hi,

    For me to start using a function in Yandex Metrica, i have to make sure that my site is not protected against showing in a frame. How do i go about doing that?

    This is what Yandex Metrica told me: Hello, Dale!

    As we see, your site is using the protect against showing in a frame (the site returns a header X-Frame-Options: SAMEORIGIN ).

    If your site is protected from being shown in an iframe (the server settings use the X-Frame-Optionsheader), the collected data won't be available for viewing. In order to view data about site traffic, you need to add an exception to the server settings for the webvisor.com domain and its subdomains, as well as for your site domain.

    Use the regular expression

    ^https?:\/\/([^\/]+\.)?(yourdomain\.com|webvisor\.com)\/
    

    If you use nginx, add the following exceptions to your configuration:

    location / { 
      set $frame_options ''; 
      if ($http_referer !~ '^https?:\/\/([^\/]+\.)?(yourdomain\.com|webvisor\.com)\/') { 
        set $frame_options 'SAMEORIGIN'; 
      } 
      add_header X-Frame-Options $frame_options; ... 
    }
    

    where yourdomain.com is the site's domain name. Use your site's domain zone (it may differ from .com).

    Thanks, Dale

  • kows 81 posts 151 karma points c-trib
    May 07, 2018 @ 13:32
    kows
    1

    I would look into CSP & frame-ancestors. Allows you to define multiple domains to allow loading through iframes. This can be managed in the web.config

    https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors

    https://stackoverflow.com/questions/37992225/config-your-iis-server-to-use-the-content-security-policy-header

  • Dan Diplo 1554 posts 6205 karma points MVP 5x c-trib
    May 09, 2018 @ 12:03
    Dan Diplo
    0

    Look in your web.config file for a section that looks something like this:

    <httpProtocol>
      <customHeaders>
        <!-- Removed ASP.NET Header -->
        <remove name="X-Powered-By" />
        <!-- Prevent embedding site in iFrame -->
        <remove name="X-Frame-Options" />
        <add name="X-Frame-Options" value="sameorigin" />
      </customHeaders>
    </httpProtocol>
    

    Now remove these two lines from it:

    <remove name="X-Frame-Options" />
    <add name="X-Frame-Options" value="sameorigin" />
    

    That should do it.

Please Sign in or register to post replies

Write your reply to:

Draft