X-Frame-Options

Cross-site framing (showing one site's content inside another site's iframe) is frowned upon, however there are times when you need to do it. An example is a warboard showing a result set of data for an operations team to monitor, such as new support requests.

The host can block this by setting the following header in the response:

X-Frame-Options: SAMEORIGIN

If this is set you can stand on your head but your iframe will not display the content:

<!DOCTYPE html>
<html>
<head>
<!-- include jquery -->
<script src="https://code.jquery.com/jquery-1.11.1.min.js"></script>

<!-- js methods -->
<script>
$(document).ready(function () {
    var height = $(window).height();
    // reload the framed page every 150 seconds (2.5 minutes)
    setInterval(Refresh, 150000);
    $("#results").css("height", (height - 9) + "px");
});
function Refresh() {
    var iframe = document.getElementById('results');
    iframe.src = iframe.src;
}
</script>

<!-- some style -->
<style>
html, body {
    margin: 0px;
    border: 0px;
}
#results {
    width: 99%;
}
</style>
</head>
<body>
<!-- iframe -->
<iframe id="results" src="https://en.wikipedia.org/wiki/MIT_License" scrolling="no"></iframe>
</body>
</html>

Work Around

You can remove the configuration from the server (if you have access). The line to remove is the one that adds the header:

--- nginx (note: the line below is Apache mod_headers syntax; the nginx equivalent to look for is
    add_header X-Frame-Options SAMEORIGIN always;)
Header always append X-Frame-Options SAMEORIGIN

--- IIS (I have not tried this but saw it on SO, linked below)
<!-- "*" is not a defined X-Frame-Options value; browsers ignore the header when they
     do not recognise the value, which is why this SO workaround behaves like a removal. -->
<system.webServer>
  <httpProtocol allowKeepAlive="true">
    <customHeaders>
      <add name="X-Frame-Options" value="*" />
    </customHeaders>
  </httpProtocol>
</system.webServer>

If this is for a warboard and you are not hijacking somebody's website, you can install a browser plug-in; an example for Chrome is 'Ignore X-Frame headers'.
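Before building the warboard, it is worth checking how the target page's X-Frame-Options header will behave for your origin, covering the SAMEORIGIN case from the first section and the ignored "*" value from the IIS snippet. This is an added example, not code from the original post; the warboard.example origin and the HTTP response are constructed.

```python
"""Will a page load in the warboard iframe? Evaluate its X-Frame-Options offline."""
from urllib.parse import urlsplit

def origin_of(url):
    """Scheme + host (+ explicit port) of a URL, lower-cased for comparison."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()

def header_value(raw_response, name="X-Frame-Options"):
    """Pull one header (case-insensitive) out of a raw HTTP response; None if absent."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    for line in head.split("\r\n")[1:]:  # skip the status line
        key, _, val = line.partition(":")
        if key.strip().lower() == name.lower():
            return val.strip()
    return None

def framing_allowed(xfo_value, page_url, framer_url):
    """Apply X-Frame-Options of page_url when framed by framer_url -> (allowed, reason).
    An absent header, or a value the browser does not recognise (such as the '*'
    from the IIS snippet above), leaves framing allowed."""
    if xfo_value is None:
        return True, "no X-Frame-Options header"
    value = xfo_value.strip()
    token = value.upper()
    if token == "DENY":
        return False, "DENY: never framed, even by the same origin"
    if token == "SAMEORIGIN":
        same = origin_of(page_url) == origin_of(framer_url)
        return same, "SAMEORIGIN: framer origin " + ("matches" if same else "differs")
    if token.startswith("ALLOW-FROM "):
        # Obsolete directive (old IE/Firefox only); Chrome never implemented it.
        listed = origin_of(value.split(None, 1)[1]) == origin_of(framer_url)
        return listed, "ALLOW-FROM (obsolete): framer " + ("listed" if listed else "not listed")
    return True, f"unrecognised value {value!r}: browsers ignore the header"

# Constructed response standing in for what the framed site returns.
SAMPLE_RESPONSE = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
                   "x-frame-options: SAMEORIGIN\r\n\r\n<html>...</html>")

if __name__ == "__main__":
    xfo = header_value(SAMPLE_RESPONSE)
    page = "https://en.wikipedia.org/wiki/MIT_License"
    for framer in ("https://warboard.example/", "https://en.wikipedia.org/"):
        ok, why = framing_allowed(xfo, page, framer)
        print(f"{framer}: {'allowed' if ok else 'BLOCKED'} ({why})")
```

To test a live site, feed the headers from a real response (for example the output of curl -sI) into header_value instead of SAMPLE_RESPONSE.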

References