We're in beta! Don't mind the bugs.
Helpful resources
Need more help?
Check out the Webflow community.
Free Webflow templates
The best free Webflow templates.
Hire a Webflow expert
Partner with a certified expert.
Rate this answer
Good
Good
Bad
Bad
Share
All posts
Custom code

How can we remove the X-Frame-Options and Content-Security-Policy headers in Webflow to enable embedding our website in another website?

Published on
September 22, 2023
Note
CommunityFAQ is not affiliated with Webflow. Click here if you'd like to visit Webflow's help resources.

To remove the X-Frame-Options and Content-Security-Policy headers in Webflow and enable embedding your website in another website, you will need to follow these steps:

  1. Log in to your Webflow account and navigate to the Project Settings for the specific project you want to modify.
  2. Go to the Hosting tab, which is located at the top of the Project Settings page.
  3. Scroll down to the section labeled "Security Headers."
  4. By default, Webflow adds the X-Frame-Options header with the value "SAMEORIGIN" and the Content-Security-Policy header with its own predefined set of values to ensure security.
  5. To remove these headers, click on the text box next to "Additional security headers" and delete the existing values.
  6. Save your changes by clicking on the "Save Changes" button at the top right corner of the page.

By removing the X-Frame-Options and Content-Security-Policy headers, you allow other websites to embed your Webflow site using the iframe tag. However, it is crucial to be aware of the security implications when disabling these headers, as they are in place to protect your site from clickjacking attacks and other vulnerabilities.

Note: When removing these headers, it is essential to consider the security implications thoroughly and ensure that your website is adequately protected against potential security risks.

Additional questions:

  1. How do I modify the security headers in Webflow?
  2. What is the purpose of X-Frame-Options and Content-Security-Policy headers?
  3. How can I enable embedding of a Webflow site in another website?
How can I show an element only for the first instance in a Webflow collection?
How can I create a video player in Webflow that only includes a mute/unmute button and hides all other controls on different browsers and devices?
Is my reference to the CMS field correct in my custom code for the timer in Webflow?
What could be causing the black shadow line on the side of the website when moving the backdrop filter div in and out in Webflow?
Can you suggest an alternative method to add an "onload" attribute to the body in Webflow since it is not allowed to fill in?
Can someone help troubleshoot why the background and font color does not change when hovering over a link block in Webflow?
How can Webflow be used to implement accelerometer and gyroscope data to control a 3D object on mobile?
How can I fix the issue of all the links in my div block showing the same form in Webflow?
How can I create a one-line email submission form using Webflow?
Is it possible to submit form data to different email addresses based on which checkbox is clicked in a Webflow form without writing any code?
Home
Categories
Tutorials
© 2023 CommunityFAQ. All rights reserved.
TermsPrivacyCookies
CommunityFAQ is not affiliated with Webflow. This is a personal project to help answer Webflow's questions and a test project to implement new strategies while working with larger a larger CMS. CommunityFAQ is reader-supported and some links may be affiliate links.