by niutech

Web Component extending IFrame to bypass X-Frame-Options: deny/sameorigin

276 Stars 100 Forks Last release: Not found 6 Commits 0 Releases

Available items

No Items, yet!

The developer of this repository has not created any items for sale yet. Need a bug fixed? Help with integration? A different license? Create a request here:


Published on webcomponents.org

X-Frame-Bypass is a Web Component, specifically a Customized Built-in Element, which extends an IFrame to bypass the

X-Frame-Options: deny/sameorigin
response header. Normally such headers prevent embedding a web page in an

 element, but X-Frame-Bypass is using a CORS proxy to allow this.


  1. (Optional) Include the Custom Elements with Built-in Extends polyfill for Safari:

  2. Include the X-Frame-Bypass JS module:

  3. Insert the X-Frame-Bypass Custom Element:



See the Hacker News using X-Frame-Bypass. Supported are current versions of Chrome and Firefox browsers. Edge and Safari do not support Customized Built-in Elements yet.


© 2019 Jerzy Głowacki under Apache License 2.0.

We use cookies. If you continue to browse the site, you agree to the use of cookies. For more information on our use of cookies please see our Privacy Policy.