Website "X-Frame-Options" setting

What Is X-Frame-Options

X-Frame-Options is a web server setting (sent as an HTTP response header) that switches On/Off the ability to embed a webpage in another webpage on a different domain name (primarily via iframe).  Most modern browsers already have a built-in feature that stops a main webpage from communicating with the iframed webpage, and vice versa, if the domains do not match or if the protocols (HTTP and HTTPS) do not match.  This web browser feature itself does the heavy lifting in security.  X-Frame-Options mainly prevents click spoofing of a webpage, but it is rarely a security concern for a live chat system.

 

There are a few benefits of switching Off X-Frame-Options just for the PHP Live! system:

  1. Ability to utilize the PHP Live! system on multiple domains with one installation.
  2. Ability to create a custom page that embeds the chat request window on the page, and other integration methods.
  3. Ability to utilize the PHP Live! mobile application.

 

Mobile App And X-Frame-Options

The Mobile App will need to load some areas into the application to communicate with your PHP Live! system.  If your server does have X-Frame-Options enabled, you can simply switch off the feature just for PHP Live!.

 

X-Frame-Options Statistics

Because website development and layout benefits outweigh the potential click spoofing issue, 99% of all websites that exist on the internet have the setting Off by default.  The statistics can be viewed at trends.builtwith.com.

 

X-Frame-Options can be switched Off just for the PHP Live! system, not your entire website.  Here is how:

 

 

How To Switch Off X-Frame-Options Just For The PHP Live! System:

 

Method 1. .htaccess

Create a .htaccess file inside the PHP Live! directory and include the following line in it (a restart of the web server is not required with the .htaccess method):

 

Header always unset X-Frame-Options

 

 

Method 2. Web Server Configuration: Request URI

Place the following two lines anywhere in the Virtual Host area and restart (or gracefully restart) your web server (replace /phplive with the directory name of your PHP Live! system if different):

 

SetEnvIf Request_URI /phplive x_frame_allow
Header set X-Frame-Options SAMEORIGIN env=!x_frame_allow

 

 

Method 3. Web Server Configuration: Domain or Sub Domain

Place the following two lines anywhere in the Virtual Host area and restart (or gracefully restart) your web server (replace livechat.yourdomain.com with the domain name of your PHP Live! system):

 

SetEnvIf Host livechat.yourdomain.com x_frame_allow
Header set X-Frame-Options SAMEORIGIN env=!x_frame_allow
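A scope check for Methods 2 and 3, added here as an example (it is not PHP Live! code): SetEnvIf treats its pattern as an unanchored regular expression, so this models which request paths and Host values would be served without X-Frame-Options. The anchored patterns and every sample path and host name below are assumptions constructed for illustration.

```python
import re

# Patterns exactly as written in Method 2 and Method 3 on this page.
PAGE_URI = r"/phplive"
PAGE_HOST = r"livechat.yourdomain.com"

# Assumed tighter variants (not from the page): anchored, dots escaped,
# optional port allowed because the Host header may carry one.
STRICT_URI = r"^/phplive(/|$)"
STRICT_HOST = r"^livechat\.yourdomain\.com(:\d+)?$"

def x_frame_options(value, pattern):
    """Header value the server would send for this request.

    A SetEnvIf match sets x_frame_allow, so the line
    'Header set X-Frame-Options SAMEORIGIN env=!x_frame_allow' is skipped
    and no header is sent (None). re.search mirrors the unanchored match.
    """
    return None if re.search(pattern, value) else "SAMEORIGIN"

def frameable(values, pattern):
    """Paths or Host values that end up without X-Frame-Options."""
    return [v for v in values if x_frame_options(v, pattern) is None]

# Constructed sample requests (Request_URI excludes the query string).
PATHS = [
    "/phplive/index.php",
    "/phplive",
    "/account/settings.php",
    "/blog/phplive-setup-notes.html",
    "/admin/phplive_export/login.php",
]
HOSTS = [
    "livechat.yourdomain.com",
    "www.yourdomain.com",
    "oldlivechat.yourdomain.com",
    "livechat-yourdomain.com",
]

if __name__ == "__main__":
    for label, values, loose, strict in (
        ("path", PATHS, PAGE_URI, STRICT_URI),
        ("host", HOSTS, PAGE_HOST, STRICT_HOST),
    ):
        extra = set(frameable(values, loose)) - set(frameable(values, strict))
        print(f"{label}: exempted beyond PHP Live!: {sorted(extra)}")
```

Any path or host the first pattern exempts but the anchored one does not is a page outside PHP Live! that loses its SAMEORIGIN header.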

 

 

Is your website using Sucuri website protection?  The following documentation provides more information about iframes and the Sucuri service:

 

https://www.phplivesupport.com/help_desk.php?docid=137
