Extra Tools
Considerations regarding the Content Security Policy

Considerations regarding the Content Security Policy

Some websites might not be able to work with the PageImprove Chrome extension due to Content Security Policy (CSP) settings. CSP settings protect websites from being opened within <iframe> elements which the Chrome extension relies upon to display the content.

You need to modify your CSP to use PageImprove if:

a) PageImprove shows you the screen like this:

Considerations regarding the Content Security Policy image 1

b) You see an error like this in your browser console:

Refused to display '' in a frame because it set 'X-Frame-Options' to 'deny'.

The root cause is that the web server includes header X-Frame-Options: deny. A workaround acceptable for many websites (e.g. sites without user-generated content and domains that aren't shared with untrusted pages) is to relax the constraint to X-Frame-Options: sameorigin.

X-Frame-Options: sameorigin allows your pages to be opened in <iframe> only on your website. It doesn't allow the pages to be framed by other websites.

Please refer to this article at MDW web docs to learn how to configure X-Frame-Options on your website.

Any questions? Just drop us a line at

Mostrar mais
Mostrar mais