If the origin isn’t included in the allowlist, Salesforce returns HTTP status code 403. From Setup, in the Quick Find box, enter CORS, and then select CORS. Select New.
Table of Contents
How do I give permission to put other sites in frames?
Note also that the X-Frame-Options header must grant permission from the page being displayed in the frame and not the page containing the <iframe> tag itself. You can’t give yourself permission to put other sites in a frame.
Why do some websites not allow other websites to frame content?
Some websites have a server setting that will not allow other websites to “frame” their content. This is mainly to protect their copyrights and direct traffic to their websites only. This is typically done by adding the following to Apache’s configuration ( httpd.conf file):
What are the errors with references to iFrames in the console?
In the developer console of a browser, you see the following errors with references to iFrames and observe the behavior of a Visualforce page or upload not functioning correctly in a community. Load denied by X-Frame-Options: <URL> does not permit framing.
Why does Refref refuse to display in a frame?
Refused to display <URL> in a frame because it set ‘X-Frame-Options’ to ‘deny’. Communities have their own Clickjack protection settings that must be adjusted to allow the use of iFrames in the Visualforce pages.
