X-Frame-Options Compatibility Test

This web page tests your browser's x-frame-options support. The X-frame-options header decides whether if another web page can put a given page (with the header) in an iframe. This is commonly used as a defense against clickjacking.

Please note that X-Frame-Options will eventually be replaced by the frame-ancestors directive in Content Security Policy v2.

Results for you current browser:

Deny:			Expected: 1 green check (or empty)
SameOrigin:			Expected: 2 green checks (or 1 green check and one empty)
Allow-from:			Expected: 2 green checks (or 1 green check and one empty)
Handling of non-standard values. According to spec only one value is allowed. What happens if there are two? (Thank you to Alexander Forbes for the idea)
Deny,Deny:			Green check (or empty)
Deny,sameorigin + sameorigin,deny:			Two green checks (or empty)
sameorigin,allow-from + allow-from,sameorigin:			Two green checks (or empty)
Deny,allow-from + allow-from,deny:			Two green checks (or empty)

Current results

Get a different result, or is the result for your browser missing - send me a message on twitter @webtonull or e-mail.

Edge
IE11 on winphone	(thank you, Chris)
IE11	(thank you, Pedro Laguna)
IE10
IE9
Firefox 18-
Dolphin 11.4.3 Android	fails on allow-from (thank you, Peter Carter)
Chrome 57	fails on allow-from (thanks, Greg)
Safari 10.0.1	fails on allow-from
Opera 26	fails on allow-from
IE8	fails on allow-from
IE7	header is not supported, so fails on deny, sameorigin and allow-from
IE6	header is not supported, so fails on deny, sameorigin and allow-from
Firefox 17	fails on allow-from