extension ExtPose

Ignore X-Frame headers

Description from extension meta

Drops X-Frame-Options and Content-Security-Policy HTTP response headers, allowing all pages to be iframed.

Image from store Ignore X-Frame headers
Description from store https://chrome.google.com/webstore/detail/ignore-x-frame-headers/gleekbfjekiniecknbkamfmkohkpodhe Developer tool that strips out the X-Frame-Options and Content-Security-Policy HTTP headers from the response to all requests. Should be used only temporarily and only for developement, testing, or troubleshooting purposes because it disables important browser security mechanisms. Reference information: https://developer.mozilla.org/docs/Web/HTTP/Headers/X-Frame-Options https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy Source code: https://github.com/guilryder/chrome-extensions/tree/master/xframe_ignore

Latest reviews

  • (2020-08-26) Zachary Yaro: It prevents embedded sites from being blocked entirely, but AJAX requests from those sites still seem to be failing, so they do not work correctly within their frames.
  • (2020-08-09) Tom Brickman: Working on a dashboard on local machine. Exactly what I need.
  • (2020-07-24) Noel Bennett: Sadly, looks like as of Chrome version 84, it won't suppress the effects of the `content-security-policy` header.
  • (2020-07-02) Tú Phạm Bảo: Thanks. It's very useful
  • (2020-01-30) gaurang patel: As a developer I find it very useful plugin to test certain scenarios.
  • (2020-01-09) VARA2: It Fixed the b11-pdc.enstage-sas.com refused to connect error..
  • (2019-12-12) 极客青年: https://greasyfork.org/zh-CN/scripts/378131-%E5%BD%A9%E4%BA%91%E5%B0%8F%E8%AF%91 配合此插件食用真香
  • (2019-10-17) Dario Trbović: This saved my life
  • (2019-08-01) Parveen Bhadoo: Love It :)
  • (2019-07-26) лох какойто: Как его удалить
  • (2019-07-25) Mauk de Liagre Bohl: i can't remove this extension
  • (2019-07-24) Nicolas Oliveira: impossivel excluir
  • (2019-06-16) Billy Gee: Great extension for developers! I've been using it for a while now. It's not perfect tho, there are some websites that still won't load inside your iframes (like Facebook), but other that that works fine:) .
  • (2019-06-05) Amir Harel: It is not working anymore...
  • (2019-04-24) Jeff Mickey: Not working as of: Version 74.0.3729.108 (Official Build) (64-bit)
  • (2019-04-12) 勿谈政治: It is nice to running.
  • (2019-03-27) Awesome! Spent so much time googling around how to bypass the x-frame-option, no luck. This extension is a life saver!
  • (2019-03-08) Qi Wang: 能用
  • (2019-02-13) Worked perfectly fine until Google Chrome release v72. Doesn't work anymore :-(
  • (2019-01-24) Bruno Belarmino de Queiroz: Perfect
  • (2018-12-10) Marcus Tucker: It's a powerful but DANGEROUS extension with potentially disastrous consequences, especially in a corporate environment. It doesn't even have a simple toggle! To be safe it urgently needs a whitelist feature so that it can be selectively enabled only for certain sites rather than blanket enabled for EVERY website.
  • (2018-10-12) Marco David Martinez: Save me a lot of time
  • (2018-09-19) Swapneel Golapkar: It was very helpful for me
  • (2018-08-29) Scott Langham: Need option on the icon to enable and disable it. Going into chrome's extensions page to do so each time is a pain.
  • (2018-07-21) Matthijs Gałażyn: Without any whitelist mechanism this extension is dangerous to use.

Latest issues

  • (2020-09-05, v:1.1.1) Nilsson Hsu: it dont work in intranet
    i install the extension on chrome ,its work , but after somedays the extension isnt work ,how can i use the extension in intranet?
  • (2020-09-04, v:1.1.1) Charmes Perfumaria: atualizacao
    nao roda
  • (2020-07-31, v:1.1.1) Ameya Bhakay: content-security-policy frame-ancestors 'self' doesn't work?
    Guillaume, thanks for this awesome extension, however I noticed this extension doesn't handle CSP's well? Try putting this https://www.macquarie.com.au/ site in an iFrame; doesn't work i.e. doesn't remove the CSP.
  • (2020-07-03, v:1.1.1) VINOD KARKE: Could not move extension directory into profile.
    Could not move extension directory into profile. please support me
  • (2020-07-03, v:1.1.1) VINOD KARKE: Could not move extension directory into profile.
    Could not move extension directory into profile. ha error yet ahe please support me
  • (2020-05-20, v:1.1.1) Morten Holst Jensen: frame-ancestors 'self' not supported?
    Hi, I have been using the extension with great success for testing purposes, but the sites I suspect the site I am working with has changed implementation of frame-ancestors, because I am now getting the following error, even with the extension enable: Refused to frame 'https://[mainsite.com].com/' because an ancestor violates the following Content Security Policy directive: "frame-ancestors 'self' https://[external site.com]" Is the 'self' setting different from 'deny', in a way so it is not possible for the extension to override it? Is there something else I can do to override this? Tested in both new Edge and Chrome 80+ Thanks /Morten
  • (2020-05-12, v:1.1.1) Daniel Lim: Stopped working?
    Hi, I cant get it to work. I know it did before. The same setup works in firefox with the equivalent extension.
  • (2020-02-18, v:1.1.1) Chris Crotts: Security Settings
    I am actually trying to resolve a problem I have previewing PDFs on outlook.com. This extension fixed the problem in production, however, I really don't want to leave the extension on for normal browsing. Is there a list of security settings within Chrome that this extension disables so I can see which one is blocking my request? Any help would be great, Chris
  • (2019-08-29, v:1.1) RONNY VON: CANCELamento
  • (2019-08-21, v:1.1) AVO: kaldıramama
    uzantıyı kaldramıyorum
  • (2019-07-04, v:1.1) Tepeş: How to import it to my code?
    I'm making a html/js/css app, and want to include it to my app. How do i do? like <script></script> ??
  • (2019-06-06, v:1.1) Vaibhav Gaikwad: Could a configuraiton to skip specific sites?
    Could a configuraiton be added to support x-frame-options to be skipped only for specific sites? Based on trust policies, the configuration can help to setup such rules
  • (2019-05-16, v:1.1) MjolniR: how to ignore x-frame options using php code?
    i want to do this manually using php code.so can you suggest some solution.
  • (2019-03-22, v:1.1) Craig Lindholm: Vivaldi Web Browser Partially working
    version 2.3.1440.61 (Stable channel) (32-bit) Works if I allow all sites. Doesn't work if I specify sites
  • (2019-03-05, v:1.1) Rob Lindman: does not work in latest chrome
    I just updated to... Version 72.0.3626.121 (Official Build) (64-bit) ... Windows 10, and same version but .119 on Ubuntu. Refused to display 'https://worker.mturk.com/tasks' in a frame because it set 'X-Frame-Options' to 'sameorigin'.
  • (2019-03-04, v:1.1) Thomason1005: not working with local file on chrome v72
    i am using chrome 72.0.3626.121 on windows 10 and try to open the following html (local), but still get the same error as without plugin: "<!DOCTYPE html> <html> <head> <title>FrameTest</title> <meta charset="utf-8"> <meta name="viewport" content="initial-scale=1.0, user-scalable=no, width=device-width"> </head> <body style="padding:0;margin:0; overflow:hidden; background:black;"> <iframe src="http://www.google.com" style="width:100vw;height:56.25vw;border:0;"> </iframe> </body> </html>"
  • (2019-02-14, v:1.1) Stopped working on Version 72.0.3626.109
    Hi Guillaume, first off, thanks for this handy extension. I recently upgraded my chrome version from v71 to v72, and sadly, this extension doesn't do it's magic anymore. Any plans of updating this extension?
  • (2018-12-10, v:1.1) Marcus Tucker: Feature to selectively enable for specific sites is needed
    This extension has potentially disastrous consequences, especially in a corporate environment but it doesn't even have a simple toggle like most other extension have and using Chrome's own extension enable/disable mechanism is not convenient at all so will lead to security problems due to user error / forgetfulness. For this extension to be proactively safe it needs a whitelist feature so that it can be selectively enabled only for certain sites rather than blanket enabled for EVERY website.


164,760 history
4.3 (114 votes)
Last update / version
2019-09-28 / 1.1.1
Listing languages