Can't Show Some Websites in Iframe Tag

iframe refuses to display

It means that the http server at cw.na1.hgncloud.com send some http headers to tell web browsers like Chrome to allow iframe loading of that page (https://cw.na1.hgncloud.com/crossmatch/) only from a page hosted on the same domain (cw.na1.hgncloud.com) :

Content-Security-Policy: frame-ancestors 'self' https://cw.na1.hgncloud.com
X-Frame-Options: ALLOW-FROM https://cw.na1.hgncloud.com

You should read that :

• https://developer.mozilla.org/en-US/docs/Web/Security/CSP
• https://developer.mozilla.org/en-US/docs/Web/Security/Same-origin_policy

how to block website from loading in iframe?

For modern browser, need to enable X-Frame-Options in Header,
The x-frame-options header can be implement through web server configuration settings.

You can view the X-Frame-Options in Header as like below image,

Reference: https://www.keycdn.com/blog/x-frame-options/

If your browser does not support it, then you will have NO clickjacking defense in place and can use HTTP Header Field X-Frame-Options,

  <meta http-equiv="X-Frame-Options" content="deny">

There are three possible values for X-Frame-Options:

DENY -
The page cannot be displayed in a frame, regardless of the site attempting to do so.

SAMEORIGIN -
The page can only be displayed in a frame on the same origin as the page itself.

ALLOW-FROM uri -
The page can only be displayed in a frame on the specified origin.

Why can't I embed a specific URL in an iframe?

By default iframe show in smaller size but if you set the height width it will show your content You can try this:

<html>
<head>
<style>
iframe {
    position:absolute;
    top:0;
    left:0;
    width:80%;
    height:80%;
}
</style>
</head>
<body>
    <iframe src="https://time.my-masjid.com/timingscreen/7695401e-d724-4adb-a188-ed33c2ce886e"></iframe>
</body>
</html>

---

Related Topics