X-Frame-Options HTTP header

- OTHER

An HTTP header which indicates whether the browser should allow the webpage to be displayed in a frame within another webpage. Used as a defense against clickjacking attacks.

IE

  1. 5.5 - 7: Not supported
  2. 8 - 10: Supported
  3. 11: Supported

Edge

  1. 12 - 18: Supported
  2. 79: Partial support
  3. 80: Partial support

Firefox

  1. 2 - 3.6: Support unknown
  2. 4 - 17: Partial support
  3. 18 - 69: Supported
  4. 70 - 72: Partial support
  5. 73: Partial support
  6. 74 - 75: Partial support

Chrome

  1. 4 - 25: Support unknown
  2. 26 - 79: Partial support
  3. 80: Partial support
  4. 81 - 83: Partial support

Safari

  1. 3.1 - 5: Support unknown
  2. 5.1 - 12.1: Partial support
  3. 13: Partial support
  4. TP: Partial support

Opera

  1. 9 - 11.5: Support unknown
  2. 11.6 - 65: Partial support
  3. 66: Partial support

iOS Safari

  1. 3.2 - 6.1: Support unknown
  2. 7 - 13.1: Partial support
  3. 13.2: Partial support
  4. 13.3: Partial support

Opera Mini

  1. all: Not supported

Android Browser

  1. 2.1 - 3: Support unknown
  2. 4 - 4.4.4: Partial support
  3. 80: Partial support

Blackberry Browser

  1. 7: Partial support
  2. 10: Partial support

Opera Mobile

  1. 10 - 12: Support unknown
  2. 12.1: Partial support
  3. 46: Partial support

Chrome for Android

  1. 80: Partial support

Firefox for Android

  1. 68: Supported

IE Mobile

  1. 10: Supported
  2. 11: Supported

UC Browser for Android

  1. 12.12: Partial support

Samsung Internet

  1. 4 - 9.2: Partial support
  2. 10.1: Partial support

QQ Browser

  1. 1.2: Partial support

Baidu Browser

  1. 7.12: Partial support

KaiOS Browser

  1. 2.5: Supported

Partial support refers to not supporting the ALLOW-FROM option. The X-Frame-Options header has been obsoleted by the frame-ancestors directive from Content Security Policy Level 2.

Resources:
X-Frame-Options Compatibility Test
IE8 Security Part VII: ClickJacking Defenses - IEBlog
Combating ClickJacking With X-Frame-Options - IEInternals
MDN Web Docs - X-Frame-Options
OWASP Clickjacking Defense Cheat Sheet