What Is X-Frame-Options
X-Frame-Options is a web server configuration that switches On/Off the ability to embed a webpage onto another webpage that is of a different domain name (primarily via iframe). Most modern browsers already have a built-in feature that stops a main webpage from communicating with the iframed webpage and vise-versa if the domains do not match or if the protocols (HTTP and HTTPS) do not match. This web browser feature itself does the heavy lifting in security. The X-Frame-Options is mainly to prevent click spoofing of a webpage but is rarely a security concern of a live chat system.
There are few benefits of switching Off the X-Frame-Options just for the PHP Live! system:
Mobile App And X-Frame-Options
The Mobile App will need to load some areas into the application to communicate with your PHP Live! system. If your server does have X-Frame-Options enabled, you can simply switch off the feature just for PHP Live!.
Due to website development and layout benefits outweighing the potential click spoofing issue, 99% of all the websites that exists on the internet has the setting Off by default. The statistics can be viewed at trends.builtwith.com.
The X-Frame-Options can be switched Off just for the PHP Live! system, not your entire website. Here is how:
Is your website using Sucuri website protection? The following documentation will detail more information about iFrame and Sucuri service:
Was this helpful?
could be more helpful? send comment