Contact Us

Installation

Pendo Help CenterInstallationX-Frame-Options header

X-Frame-Options header

We strongly recommend using the frame-ancestors directive from the official Content Security Policy (CSP) Level 2 specification instead of using the unofficial X-FRAME-OPTIONS header.

If switching to CSP is not an option, you can still use the Pendo in-app designer one of two ways:

Chrome Plugin

Ignore X-Frame-Headers extension

Firefox Plugin

Ignore X-Frame-Headers extension

ALLOW-FROM Value

Since X-FRAME-OPTIONS is not an official standard, there are various implementations which may not support this value. We tested this on Firefox 43.

You must specify the app.pendo.io URI. Note you can only include one URI per ALLOW-FROM separated by semi-colon.

X-Frame-Options: ALLOW-FROM https://app.pendo.io

© 2018 Pendo  |  Terms of Service  |  Privacy Policy