X-Frame-Options HTTP header

- OTHER

An HTTP header that indicates whether the browser should allow the webpage to be displayed in a frame within another webpage. It is used as a defense against clickjacking attacks.

IE

  1. 5.5 - 7
  2. 8 - 10
  3. 11

Edge

  1. 12 - 18
  2. 79 - 81
  3. 83

Firefox

  1. 2 - 3.6
  2. 4 - 17
  3. 18 - 69
  4. 70 - 75
  5. 76
  6. 77 - 78

Chrome

  1. 4 - 25
  2. 26 - 81
  3. 83
  4. 84 - 86

Safari

  1. 3.1 - 5
  2. 5.1 - 13
  3. 13.1
  4. TP

Opera

  1. 9 - 11.5
  2. 11.6 - 67
  3. 68

iOS Safari

  1. 3.2 - 6.1
  2. 7 - 13.3
  3. 13.4

Opera Mini

  1. all

Android Browser

  1. 2.1 - 3
  2. 4 - 4.4.4
  3. 81

Blackberry Browser

  1. 7
  2. 10

Opera Mobile

  1. 10 - 12
  2. 12.1
  3. 46

Chrome for Android

  1. 81

Firefox for Android

  1. 68

IE Mobile

  1. 10
  2. 11

UC Browser for Android

  1. 12.12

Samsung Internet

  1. 4 - 10.1
  2. 11.1

QQ Browser

  1. 10.4

Baidu Browser

  1. 7.12

KaiOS Browser

  1. 2.5

Partial support refers to not supporting the ALLOW-FROM option. The X-Frame-Options header has been obsoleted by the frame-ancestors directive from Content Security Policy Level 2.

Resources:
X-Frame-Options Compatibility Test
IE8 Security Part VII: ClickJacking Defenses - IEBlog
Combating ClickJacking With X-Frame-Options - IEInternals
MDN Web Docs - X-Frame-Options
OWASP Clickjacking Defense Cheat Sheet