Because of security reasons, so some web servers or web frameworks will make request/response headers to be rejected, which is
DENY, which means it doesn’t allow the embeded iframe on to the web.
However, in some case, we still need to use
iframe, ex. from the same domain, with image uploading on TinyMCE (this is very popular on WordPress anyway).
We need to config the web server to allow from
ALLOW_URL instead of
On nginx server, check the config file /etc/nginx/nginx.conf and all the files that it includes, remove or update this part:
add_header X-Frame-Options DENY;
It could be in the file
/etc/nginx/snippets/ssl-params.conf if you setup the SSL.
Restart the server.
Ensuring that web server config has updated for the part, but problem persists, then it should be the web frameworks, check out any place that it can send this header and update.