X-Frame-Options
X-Frame-Options is used to tell the browser whether or not it is authorized to process a page in a frame, iframe, or object.
The three possible directives for X-Frame-Options are:
- X-Frame-Options: DENY
- X-Frame-Options: SAMEORIGIN
- X-Frame-Options: ALLOW-FROM url-from-source-site
DENY: The page can not be displayed in a frame.
SAMEORIGIN: The page can be displayed in a frame but the source must be the site itself.
ALLOW-FROM uri : The page can be displayed in a frame if the source is specified.
Anyway, in order for you to successfully display the content of another site in an iframe you must change the directive to:
ALLOW-FROM link
Probably the current option should be set to X-Frame-Options: SAMEORIGIN
This option can be configured on your web server or the header of the page where you want to display the iframe.
Examples:
Tag Header: x-frame-options: ALLOW-FROM url-source-site
Apache: add to httpd.conf: header always set x-frame-options "ALLOW-FROM url-from-site-source"