https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495542#M6143 <P><a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/17383">@Peter8</a>&nbsp;</P> <P>is ServiceNow instance also using same SSO as that used by 3rd party website?&nbsp;</P> <P><span class="lia-unicode-emoji" title=":light_bulb:">💡</span> If my response helped, please mark it as correct <span class="lia-unicode-emoji" title=":white_heavy_check_mark:">✅</span> and close the thread <span class="lia-unicode-emoji" title=":locked:">🔒</span>— this helps future readers find the solution faster! <span class="lia-unicode-emoji" title=":folded_hands:">🙏</span></P> Tue, 24 Feb 2026 09:58:56 GMT Ankur Bawiskar 2026-02-24T09:58:56Z https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495393#M6122 <P>Hi all, I have create custom widget, embed 3rd website, but it show some error message, how can I resolved it?</P><DIV class="">&nbsp;</DIV><P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="Untitled picture.png" style="width: 999px;"><img src="https://www.servicenow.com/community/image/serverpage/image-id/503231i1678C9279FB2982A/image-size/large?v=v2&amp;px=999" role="button" title="Untitled picture.png" alt="Untitled picture.png" /></span></P> Tue, 24 Feb 2026 07:59:25 GMT https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495393#M6122 Peter8 2026-02-24T07:59:25Z https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495432#M6125 <P><a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/17383">@Peter8</a>&nbsp;</P> <P>you can't embed external website within ServiceNow due to security reason and external website wants to avoid clickjacking attack.</P> <P><SPAN>Reason being that external website must be sending an "X-Frame-Options: SAMEORIGIN" or "X-Frame-Options: DENY" in response header.</SPAN></P> <P><LI-WRAPPER></LI-WRAPPER></P> <P><span class="lia-unicode-emoji" title=":light_bulb:">💡</span> If my response helped, please mark it as correct <span class="lia-unicode-emoji" title=":white_heavy_check_mark:">✅</span> and close the thread <span class="lia-unicode-emoji" title=":locked:">🔒</span>— this helps future readers find the solution faster! <span class="lia-unicode-emoji" title=":folded_hands:">🙏</span></P> Tue, 24 Feb 2026 08:41:36 GMT https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495432#M6125 Ankur Bawiskar 2026-02-24T08:41:36Z https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495457#M6132 <P>Hi&nbsp;<a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/17383">@Peter8</a>&nbsp;:&nbsp;</P><P>&nbsp;</P><P>You are encountering the error for&nbsp;<STRONG>clickjacking prevention from external site where</STRONG>&nbsp;the external website explicitly blocks other sites from embedding it in an iframe for security reasons.</P><P>&nbsp;</P><P>Here Solution could be</P><P>&nbsp;</P><P><STRONG>Using Popup window:</STRONG><SPAN>&nbsp;Open the external link in a new, small browser window using&nbsp;</SPAN><CODE class="">window.open()</CODE></P><P><CODE class="">OR&nbsp;</CODE></P><P><SPAN class=""><STRONG>Contact the External Website Owner:</STRONG><SPAN>&nbsp;</SPAN>The most direct solution is to contact the administrator of<SPAN>&nbsp;</SPAN><CODE class=""><A href="https://xxxx.com/" target="_blank" rel="noopener">https://xxxx.com/</A></CODE><SPAN>&nbsp;</SPAN>and request that they configure their server to allow framing from your ServiceNow domain. This often involves adding a<SPAN>&nbsp;</SPAN><CODE class="">Content-Security-Policy</CODE><SPAN>&nbsp;</SPAN>(CSP)<SPAN>&nbsp;</SPAN><CODE class="">frame-ancestors</CODE><SPAN>&nbsp;</SPAN>directive or an<SPAN>&nbsp;</SPAN><CODE class="">X-Frame-Options: <STRONG>ALLOW-FROM</STRONG></CODE><SPAN>&nbsp;</SPAN>header specifying your instance's URL.</SPAN></P> Tue, 24 Feb 2026 09:05:38 GMT https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495457#M6132 Tanushree Maiti 2026-02-24T09:05:38Z https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495519#M6138 <P>Hi&nbsp;<a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/287542">@Tanushree Maiti</a>&nbsp;,</P><P>&nbsp;</P><P>Do you know how can I add this in servicenow instance, for example,&nbsp; I want to embed Prod to DEV, how can I add this policy in Prod instance?</P> Tue, 24 Feb 2026 09:43:07 GMT https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495519#M6138 Peter8 2026-02-24T09:43:07Z https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495522#M6139 <P>Hi&nbsp;<a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/265966">@Ankur Bawiskar</a>&nbsp;,</P><P>&nbsp;</P><P>Do you know if there is a way for me to obtain the access token and refresh token after logging in through AAD SSO?</P> Tue, 24 Feb 2026 09:45:16 GMT https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495522#M6139 Peter8 2026-02-24T09:45:16Z https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495526#M6140 <P><a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/17383">@Peter8</a>&nbsp;</P> <P>what's your exact requirement?</P> <P>which external website is this?</P> Tue, 24 Feb 2026 09:47:35 GMT https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495526#M6140 Ankur Bawiskar 2026-02-24T09:47:35Z https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495532#M6141 <P>Share your widget details where you have mentioned the 3rd party site</P> Tue, 24 Feb 2026 09:52:52 GMT https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495532#M6141 Tanushree Maiti 2026-02-24T09:52:52Z https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495540#M6142 <P>Hi <a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/265966">@Ankur Bawiskar</a>&nbsp;,</P><P>&nbsp;</P><P>I want to integrate a third-party website into SNOW. If a user of this system logs in via SSO and then accesses this page, we will find that since they have already logged in, there is no need for manual login. The SSO information will automatically log them in.</P> Tue, 24 Feb 2026 09:57:42 GMT https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495540#M6142 Peter8 2026-02-24T09:57:42Z https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495542#M6143 <P><a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/17383">@Peter8</a>&nbsp;</P> <P>is ServiceNow instance also using same SSO as that used by 3rd party website?&nbsp;</P> <P><span class="lia-unicode-emoji" title=":light_bulb:">💡</span> If my response helped, please mark it as correct <span class="lia-unicode-emoji" title=":white_heavy_check_mark:">✅</span> and close the thread <span class="lia-unicode-emoji" title=":locked:">🔒</span>— this helps future readers find the solution faster! <span class="lia-unicode-emoji" title=":folded_hands:">🙏</span></P> Tue, 24 Feb 2026 09:58:56 GMT https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495542#M6143 Ankur Bawiskar 2026-02-24T09:58:56Z https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495546#M6144 <P>Hi&nbsp;<a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/287542">@Tanushree Maiti</a>&nbsp;,</P><P>&nbsp;</P><P>Currently, I have embedded the ServiceNow Prod environment in the ServiceNow Dev environment, and then displayed this error. How can I add policies and hear in the Prod instance?</P> Tue, 24 Feb 2026 10:02:37 GMT https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495546#M6144 Peter8 2026-02-24T10:02:37Z https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495548#M6145 <P>Hi&nbsp;<a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/265966">@Ankur Bawiskar</a>&nbsp;,</P><P>&nbsp;</P><P>Yes, they are same SSO</P> Tue, 24 Feb 2026 10:04:28 GMT https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495548#M6145 Peter8 2026-02-24T10:04:28Z https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495564#M6146 <P><a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/17383">@Peter8</a>&nbsp;</P> <P>I still believe that external website/application won't allow this since you are reaching/connecting to their URL from within ServiceNow</P> <P>Please check with that team if it's allowed or not.</P> <P>if not then it's not feasible to achieve and embed their URL within ServiceNow.</P> <P><span class="lia-unicode-emoji" title=":light_bulb:">💡</span> If my response helped, please mark it as correct <span class="lia-unicode-emoji" title=":white_heavy_check_mark:">✅</span> and close the thread <span class="lia-unicode-emoji" title=":locked:">🔒</span>— this helps future readers find the solution faster! <span class="lia-unicode-emoji" title=":folded_hands:">🙏</span></P> Tue, 24 Feb 2026 10:16:19 GMT https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3495564#M6146 Ankur Bawiskar 2026-02-24T10:16:19Z https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3496298#M6156 <P><a href="https://www.servicenow.com/community/user/viewprofilepage/user-id/17383">@Peter8</a>&nbsp;</P> <P>Hope you are doing good.</P> <P>Did my reply answer your question?</P> <P><span class="lia-unicode-emoji" title=":light_bulb:">💡</span> If my response helped, please mark it as correct <span class="lia-unicode-emoji" title=":white_heavy_check_mark:">✅</span> and close the thread <span class="lia-unicode-emoji" title=":locked:">🔒</span>— this helps future readers find the solution faster! <span class="lia-unicode-emoji" title=":folded_hands:">🙏</span></P> Wed, 25 Feb 2026 03:15:51 GMT https://www.servicenow.com/community/community-central-forum/refused-to-display-https-xxxx-com-in-a-frame-because-it-set-x/m-p/3496298#M6156 Ankur Bawiskar 2026-02-25T03:15:51Z