X-Frame-Options HTTP header
- OTHERAn HTTP header which indicates whether the browser should allow the webpage to be displayed in a frame within another webpage. Used as a defense against clickjacking attacks.
Chrome
- 4 - 25: Support unknown
- 26 - 116: Partial support
- 117: Partial support
- 118 - 120: Partial support
Edge
- 12 - 18: Supported
- 79 - 116: Partial support
- 117: Partial support
Safari
- 3.1 - 5: Support unknown
- 5.1 - 16.6: Partial support
- 17.0: Partial support
- 17.1 - TP: Partial support
Firefox
- 2 - 3.6: Support unknown
- 4 - 17: Partial support
- 18 - 69: Supported
- 70 - 116: Partial support
- 117: Partial support
- 118 - 120: Partial support
Opera
- 9 - 11.5: Support unknown
- 11.6 - 101: Partial support
- 102: Partial support
IE
- 5.5 - 7: Not supported
- 8 - 10: Supported
- 11: Supported
Chrome for Android
- 117: Partial support
Safari on iOS
- 3.2 - 6.1: Support unknown
- 7 - 16.6: Partial support
- 17.0: Partial support
- 17.1: Partial support
Samsung Internet
- 4 - 21: Partial support
- 22: Partial support
Opera Mini
- all: Not supported
Opera Mobile
- 10 - 12: Support unknown
- 12.1: Partial support
- 73: Partial support
UC Browser for Android
- 15.5: Partial support
Android Browser
- 2.1 - 3: Support unknown
- 4 - 4.4.4: Partial support
- 117: Partial support
Firefox for Android
- 117: Partial support
QQ Browser
- 13.1: Partial support
Baidu Browser
- 13.18: Partial support
KaiOS Browser
- 2.5: Supported
- 3: Partial support
Partial support refers to not supporting the ALLOW-FROM
option.
The X-Frame-Options
header has been obsoleted by the frame-ancestors
directive from Content Security Policy Level 2.