Can anyone explain which security headers are associated with iframe loading issues and may prevent the iframe from being loaded?
I implemented nuxt-helmet to configure security headers in my nuxt project. However, after uploading my site to a server locally and using Nginx as a reverse proxy to a domain address, iframes failed to load.
I suspect that this is due to some headers being set to same-origin, but since my project runs on localhost and is proxied to the domain by Nginx, the same-origin policy doesn't apply here. Am I correct in assuming this?
After disabling nuxt-helmet, the iframes were successfully loaded.
The website I am working on can be found at
Although nuxt-helmet has been disabled, I am still curious to know which specific header causes an iframe not to load.
nuxt-helmet sets the following headers, but I am unfamiliar with all of them:
Strict-Transport-Security: max-age=15552000; includeSubDomains
X-Content-Type-Options: nosniff
X-DNS-Prefetch-Control: off
X-Download-Options: noopen
X-Frame-Options: SAMEORIGIN
X-Permitted-Cross-Domain-Policies: none
X-XSS-Protection: 0
Despite removing the x-frame-options header from the nuxt helmet configuration entirely, the issue persists. You can visit the site now to view the headers for yourself.