Xframe header options

Hello All,
I am trying to access facbook.com from domain name outside netlify whereas my site is hosted at netlify.
while accessing facebook page from domain “Refused to display ‘https://www.facebook.com’ in a frame because it set ‘X-Frame-Options’ to ‘deny’.” error is flashed.

I did following changes in the _header file
Access-Control-Allow-Origin: *
#X-Frame-Options = “SAMEORIGIN”
#X-XSS-Protection: 0

but still getting the same error.

Pls help me to resolve this …

Hey @agclass,
This seems to be a fairly common issue with the Facebook iframe. Here are some threads with suggestions for how to fix:

  1. https://developers.facebook.com/community/threads/435080927309643/
  2. https://stackoverflow.com/questions/53311952/facebook-sdk-fb-getloginstatus-load-denied-by-x-frame-options-firefox-only/53325827#53325827
  3. https://stackoverflow.com/questions/14915152/loading-iframe-facebook-load-denied-by-x-frame-options

Let us know how it goes!