X-Frame-Options HTTP header
- OTHERAn HTTP header which indicates whether the browser should allow the webpage to be displayed in a frame within another webpage. Used as a defense against clickjacking attacks.
Chrome
- ﹖ 4 - 25: Support unknown
- ◐ 26 - 128: Partial support
- ◐ 129: Partial support
- ◐ 130 - 132: Partial support
Edge
- ✅ 12 - 18: Supported
- ◐ 79 - 128: Partial support
- ◐ 129: Partial support
Safari
- ﹖ 3.1 - 5: Support unknown
- ◐ 5.1 - 17.6: Partial support
- ◐ 18.0: Partial support
- ◐ 18.1 - TP: Partial support
Firefox
- ﹖ 2 - 3.6: Support unknown
- ◐ 4 - 17: Partial support
- ✅ 18 - 69: Supported
- ◐ 70 - 129: Partial support
- ◐ 130: Partial support
- ◐ 131 - 133: Partial support
Opera
- ﹖ 9 - 11.5: Support unknown
- ◐ 11.6 - 113: Partial support
- ◐ 114: Partial support
IE
- ❌ 5.5 - 7: Not supported
- ✅ 8 - 10: Supported
- ✅ 11: Supported
Chrome for Android
- ◐ 129: Partial support
Safari on iOS
- ﹖ 3.2 - 6.1: Support unknown
- ◐ 7 - 17.6: Partial support
- ◐ 18.0: Partial support
- ◐ 18.1: Partial support
Samsung Internet
- ◐ 4 - 24: Partial support
- ◐ 25: Partial support
Opera Mini
- ❌ all: Not supported
Opera Mobile
- ﹖ 10 - 12: Support unknown
- ◐ 12.1: Partial support
- ◐ 80: Partial support
UC Browser for Android
- ◐ 15.5: Partial support
Android Browser
- ﹖ 2.1 - 3: Support unknown
- ◐ 4 - 4.4.4: Partial support
- ◐ 129: Partial support
Firefox for Android
- ◐ 130: Partial support
QQ Browser
- ◐ 14.9: Partial support
Baidu Browser
- ◐ 13.52: Partial support
KaiOS Browser
- ✅ 2.5: Supported
- ◐ 3: Partial support
Partial support refers to not supporting the ALLOW-FROM
option.
The X-Frame-Options
header has been obsoleted by the frame-ancestors
directive from Content Security Policy Level 2.