The X-Frame-Options header prevents your site from being embedded in iframes on other malicious sites (Clickjacking). This tool verifies that you are sending the correct directives to protect your users.
Ready to scan...
An attack where invisible iframes are placed over legitimate buttons, tricking users into clicking something they didn't intend to.
Use 'DENY' to block all framing, or 'SAMEORIGIN' to allow framing only by your own website.