Configuring Your Web Site to Unblock iFrame to Appear on Web Content Block

Modified on Mon, 22 Nov 2021 at 10:56 AM

This article is intended for web developers/website administrators/webserver administrators

Web Content Block is the latest and greatest addition to the Flow storyboard items. It is mainly used to display web content from your website, whether that is a web page, a 3D model, or even an augmented reality walkthrough.

You can only open the websites that allow opening in an iFrame. For instance, you cannot simply open Facebook or Google. You must be the site owner to configure and unblock the iFrame restrictions.

What are X-Frame-Options?

X-Frame-Options is an HTTP response header. It tells the browser whether a webpage may be opened in a frame or iFrame, that is, whether it can be embedded or rendered as an external object (<frame>, <iframe>, <embed>, <object> tags). This helps to prevent clickjacking attacks.

Why is this important?

Websites can use X-Frame-Options or a content security policy to control this behavior. If X-Frame-Options is configured to deny loading in a frame, or to allow it only from the same origin, then the site won't load in the Flow Web Content Block.

Configuration could be:

X-Frame-Options: DENY

X-Frame-Options: SAMEORIGIN


Your web administrator/developer should allow * on your end in the following way.

X-Frame-Options: DENY

X-Frame-Options: SAMEORIGIN, *

If a content security policy is used, then the configuration could be:

Content-Security-Policy: default-src 'self'

In this case, you should allow * on your end in the following way. 

Content-Security-Policy: default-src 'self' *
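
To test a configuration before rolling it out, the following added example (not part of the original article or of Flow) models how a browser decides whether a response may render in a frame, following the HTML Standard's X-Frame-Options check. It goes slightly beyond the headers above by also covering `frame-ancestors`, the Content-Security-Policy directive browsers consult for framing; the origins `https://flow.example` and `https://www.example.org` are placeholders.

```python
# Added example: would a browser render this response in a frame on `parent`?
# Models the HTML Standard's X-Frame-Options check and CSP frame-ancestors,
# simplified to one embedding page and exact-origin source matching.
FLOW = "https://flow.example"     # placeholder: origin of the embedding page
SITE = "https://www.example.org"  # placeholder: origin of your own site

def frame_ancestors(csp_values):
    """Return one source list per policy that declares frame-ancestors."""
    found = []
    for header in csp_values:
        for policy in header.split(","):         # comma separates policies
            for directive in policy.split(";"):  # semicolon separates directives
                parts = directive.split()
                if parts and parts[0].lower() == "frame-ancestors":
                    found.append(parts[1:])
                    break                        # first occurrence wins
    return found

def source_matches(source, parent, site):
    s = source.lower()
    if s == "'none'":
        return False
    if s == "'self'":
        return parent == site
    return s == "*" or s.rstrip("/") == parent

def xfo_allows(xfo_values, parent, site):
    values = {v.strip().lower() for h in xfo_values for v in h.split(",") if v.strip()}
    if len(values) > 1:
        # Conflicting values block if any of them is a recognised one.
        return not (values & {"deny", "sameorigin", "allowall"})
    if values == {"deny"}:
        return False
    if values == {"sameorigin"}:
        return parent == site
    return True  # header absent or a single unrecognised value: no effect

def framing_allowed(headers, parent, site):
    """headers: (name, value) pairs from the framed page's HTTP response."""
    csp = [v for n, v in headers if n.lower() == "content-security-policy"]
    xfo = [v for n, v in headers if n.lower() == "x-frame-options"]
    lists = frame_ancestors(csp)
    if lists:  # frame-ancestors present: X-Frame-Options is not consulted
        return all(any(source_matches(s, parent, site) for s in srcs)
                   for srcs in lists)
    return xfo_allows(xfo, parent, site)

if __name__ == "__main__":
    for value in ("DENY", "SAMEORIGIN", "SAMEORIGIN, *"):  # values from the article
        print(value, "->", framing_allowed([("X-Frame-Options", value)], FLOW, SITE))
```

In this model `SAMEORIGIN, *` is treated as a conflicting value and blocked, and a policy containing only `default-src` has no effect on framing. A response is frameable from the embedding origin when X-Frame-Options is absent, or when `frame-ancestors` lists that origin.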

