X-Frame-Options header

Last Updated:

We strongly recommend using the frame-ancestors directive from the official Content Security Policy (CSP) Level 2 specification instead of using the unofficial X-FRAME-OPTIONS header.

If switching to CSP is not an option, you can still use the Pendo in-app designer one of two ways:

Browser Plugin

* Note that the browser plugins below were created by third-parties. Pendo does not own or maintain either of the extensions listed below. 

Chrome Plugin

Ignore X-Frame-Headers extension

Firefox Plugin

Ignore X-Frame-Headers extension

Updating ALLOW-FROM Value

Since X-FRAME-OPTIONS is not an official standard, there are various implementations which may not support this value. We tested this on Firefox 43.

You must specify the app.pendo.io URI. Note you can only include one URI per ALLOW-FROM separated by semi-colon.

X-Frame-Options: ALLOW-FROM https://app.pendo.io

Was this article helpful?
2 out of 6 found this helpful