Xframe header options

Hello All,
I am trying to access facbook.com from domain name outside netlify whereas my site is hosted at netlify.
while accessing facebook page from domain “Refused to display ‘https://www.facebook.com’ in a frame because it set ‘X-Frame-Options’ to ‘deny’.” error is flashed.

I did following changes in the _header file
Access-Control-Allow-Origin: *
#X-Frame-Options = “SAMEORIGIN”
#X-XSS-Protection: 0

but still getting the same error.

Pls help me to resolve this …

Hey @agclass,
This seems to be a fairly common issue with the Facebook iframe. Here are some threads with suggestions for how to fix:

  1. x-frame-options Deny Error in Facebook login when iframed by Facebook - Developer Community Forum - Meta for Developers
  2. javascript - Facebook SDK FB.GetLoginStatus Load denied by X-Frame-Options (Firefox Only) - Stack Overflow
  3. Loading Iframe Facebook (Load denied by X-Frame-Options) - Stack Overflow

Let us know how it goes!