Announcements
Hi there!
I need to set up X-Frame-Options HTTP header to SAMEORIGIN on my Canvas PowerApp.
On the settings tab I was not able to find anything related to that.
Thank you!
afaik there is no way to make these kind of changes - what is the reason you need to set this option?
@ScottDurow, to prevent other sites from framing the application.
CanvasApps are designed to be able to be embedded - and there is no way of disabling this by adding the X-Frame-Options.You could create a PCF component that looked at the top window to see if it's the PowerApps player - and then provide this property to the rest of the App.
X-Frame-Options is a header included in the response to the request to state if the domain requested will allow itself to be displayed within a frame. It has nothing to do with javascript or HTML, and cannot be changed by the originator of the request. You can't set X-Frame-Options on the iframe. That is a response header set by the domain from which you are requesting the resource . They have set the header to SAMEORIGIN in this case, which means that they have disallowed loading of the resource in an iframe outside of their domain. So you cannot embed their website into yours. Browsers when see that the response header contains X-Frame-Options: SAMEORIGIN, they check your domain and block the rendering of the <iframe>. It is a security measure to avoid clickjacking.
Under review
Thank you for your reply! To ensure a great experience for everyone, your content is awaiting approval by our Community Managers. Please check back later.
Congratulations to our 2026 Super Users!
Congratulations to our 2025 community superstars!
These are the community rock stars!
Stay up to date on forum activity by subscribing.
Vish WR 846
Valantis 532
Haque 410
