您的浏览器已过期。此网站可能无法正常显示。请升级您的浏览器。

知识库
Extra Tools
PageImprove
Considerations regarding the Content Security Policy

Considerations regarding the Content Security Policy

Some websites might not be able to work with the PageImprove Chrome extension due to Content Security Policy (CSP) settings. CSP settings protect websites from being opened within <iframe> elements which the Chrome extension relies upon to display the content.

You need to modify your CSP to use PageImprove if:

a) PageImprove shows you the screen like this:

Considerations regarding the Content Security Policy image 1

b) You see an error like this in your browser console:

Refused to display 'https://www.website.com/' in a frame because it set 'X-Frame-Options' to 'deny'.

The root cause is that the web server includes header X-Frame-Options: deny. A workaround acceptable for many websites (e.g. sites without user-generated content and domains that aren't shared with untrusted pages) is to relax the constraint to X-Frame-Options: sameorigin.

X-Frame-Options: sameorigin allows your pages to be opened in <iframe> only on your website. It doesn't allow the pages to be framed by other websites.

Learn more about X-Frame-Options at MDW web docs.

Any questions? Just drop us a line at pageimprove-feedback@semrush.com