Refused to display 'https://xxxx.com/' in a frame because it set 'X-Frame-Options'

Peter8 · ‎02-23-2026

Hi all, I have create custom widget, embed 3rd website, but it show some error message, how can I resolved it?

Tanushree Maiti · ‎02-24-2026

You are encountering the error for clickjacking prevention from external site where the external website explicitly blocks other sites from embedding it in an iframe for security reasons.

Here Solution could be

Using Popup window: Open the external link in a new, small browser window using window.open()

OR

Contact the External Website Owner: The most direct solution is to contact the administrator of https://xxxx.com/ and request that they configure their server to allow framing from your ServiceNow domain. This often involves adding a Content-Security-Policy (CSP) frame-ancestors directive or an X-Frame-Options: ALLOW-FROM header specifying your instance's URL.

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti

View solution in original post

Peter8 · ‎02-24-2026

Hi @Tanushree Maiti ,

Do you know how can I add this in servicenow instance, for example, I want to embed Prod to DEV, how can I add this policy in Prod instance?

Tanushree Maiti · ‎02-24-2026

Share your widget details where you have mentioned the 3rd party site

Please Accept the solution if it assisted you with your question & Mark this response as Helpful.
Regards
Tanushree Maiti
ServiceNow Technical Architect
LinkedIn: https://www.linkedin.com/in/tanushreemaiti

Peter8 · ‎02-24-2026

Hi @Tanushree Maiti ,

Currently, I have embedded the ServiceNow Prod environment in the ServiceNow Dev environment, and then displayed this error. How can I add policies and hear in the Prod instance?