Opt-out iFrame issue - shows only empty frame

Hi,

I can’t seem to get the opt-out iFrame to work properly. When I add the code to my page only an empty frame renders, but when I try the source directly, the opt-out content shows just fine

I looked at all the other forum posts, but couldn’t find any solution.

Any help greatly appreciated.

Hi,

Do you see any errors in the console in the developer tools of your browser?

Are you trying to embed an HTTP site in an HTTPS website?

@Lukas

No, no errors at all, and Piwik is installed on a HTTPS site tracking another HTTPS site.

Sorry…just found a 403 error on the grabber.php (Cause: xhr) in the Firefox console…not sure what to make of it.

Hi Lukas,
still haven’t been able to figure out why the iFrame remains empty, and there are no related errors showing up.

Here’s the code:

<iframe style="border: 0; height: 200px; width: 600px;" src="https://martinpecher.com/analytics/piwik/index.php?module=CoreAdminHome&action=optOut&idsite=9&language=en"></iframe>

Again, when I go to the source URL everything shows up fine, but the iFrame doesn’t show any content.

Any other ideas? Any help greatly appreciated!

Hi,

I think I have found the solution to your problem:
When I access the source URL I notice that your server is sending a x-frame-option: SAMEORIGIN header.
This header tells browsers to allow no one to iframe your website apart from URLs on the same domain,

As your website is reachable from a different URL (different TLD) it isn’t allowed to display the iframe.

The easiest solution would be not sending the x-frame-options: header. If you want to go the secure way and keep others from embedding your website, fine-tuned a Content Security Policy will be the best solution.

Thanks Lukas…I’ll check it out and report back shortly.

Problem solved…thanks Lukas! :slight_smile:

It was indeed the x-frame-option: SAMEORIGIN header in the .htaccess file.