X-Frame-Options Compatibility Test

This web page tests your browser's x-frame-options support. The X-frame-options header decides whether if another web page can put a given page (with the header) in an iframe. This is commonly used as a defense against clickjacking.

Please note that X-Frame-Options will eventually be replaced by the frame-ancestors directive in Content Security Policy v2.

Results for you current browser:
Deny: Expected: 1 green check (or empty)
SameOrigin: Expected: 2 green checks (or 1 green check and one empty)
Allow-from: Expected: 2 green checks (or 1 green check and one empty)


Handling of non-standard values. According to spec only one value is allowed. What happens if there are two? (Thank you to Alexander Forbes for the idea)
Deny,Deny: Green check (or empty)
Deny,sameorigin + sameorigin,deny: Two green checks (or empty)
sameorigin,allow-from + allow-from,sameorigin: Two green checks (or empty)
Deny,allow-from + allow-from,deny: Two green checks (or empty)

Current results

Get a different result, or is the result for your browser missing - send me a message on twitter @webtonull or e-mail.
Edge
IE11 on winphone (thank you, Chris)
IE11 (thank you, Pedro Laguna)
IE10
IE9
Firefox 18-
Dolphin 11.4.3 Android fails on allow-from (thank you, Peter Carter)
Chrome 57 fails on allow-from (thanks, Greg)
Safari 10.0.1 fails on allow-from
Opera 26 fails on allow-from
IE8 fails on allow-from
IE7 header is not supported, so fails on deny, sameorigin and allow-from
IE6 header is not supported, so fails on deny, sameorigin and allow-from
Firefox 17 fails on allow-from