I have a number of tools that clients can use and I need them to be able to frame or access those utilities using similar methods. I recently moved a site from one server to another (that sounds A LOT easier than it was : ) and found that the tools could not no longer be accessed.

When looking at my http response headers (this is great fun on Friday nights!) I noticed this:

HTTP Status Code: HTTP/1.1 200 OK
Date: Fri, 12 Nov 2010 23:21:56 EST
Server: MAC Apache Pro
x-frame-options: SAMEORIGIN
Transfer-Encoding: chunked
Content-Type: text/html

See that SAMEORIGIN? that was in the httpd.ini file and needed to be removed. If you have WHM installed, you can disable X-FRAME-OPTION: SAMEORIGIN following these steps:

Under Main >> Service Configuration >> Apache Configuration >> Include Editor in WHM you'll see Pre Main Include.

Selected all versions from the Pre Main Include (selecting your version may NOT work) (pre_main_global.conf) and you'll see this:

Header always append x-frame-options SAMEORIGIN

Remove that, and you will effectively disable X-FRAME-OPTION


If you want to prevent people from framing your content, then simply ADD the statement above and you'll see you're new header - note that you'll need to restart Apache.

Not using Apache? IIS? Then simply open up the Internet Service Manager, click the HTTP Headers tab, then click the Add.. button in the Custom Headers section. In the text box for Customer Header Name enter "X-Frame-Options" and in the Custom Header Value field enter "DENY" or "SAMEORIGIN".

Hope that helps!

Solution: X-Frame-Options