There are sites that in fact can not be shown inside iframes. This is because these sites have "turned on" a security option called X-Frame-Options
.
This X-Frame-Options
is a header (you can say this) if it is one of the configuration parameters), and tells the Browser whether or not he is authorized to display the contents of that site in cases where the iframe and the source site are running in different domains.
The official ruling of the regulatory body (RFC7034) is:
To improve the protection of web applications against clickjacking ,
this document describes the X-Frame-Options
HTTP header field, which
declares a policy, communicated from the server to the client
browser, if the browser may display the transmitted
content in frames that are part of other web pages.
I would translate this:
To improve the protection of web applications against clickjacking ,
the document informs the HTTP header X-Frame-Options
, which
declares a policy or rule, communicated from the server to the client, about whether the browser can display the content in elements <frame>
, <iframe>
or <object>
inserted in other web pages.