Monthly Archives: March 2020

Allow WordPress Embedded Posts with Global X-Frame-Options for Nginx Servers

The problem: when you enables X-Frame-Options globally. You won’t be able to embed your posts with latest WordPress embed posts method.

The solution: you can simply exclude it in your Nginx configuration. I’ll use Nginx map for better performance:

map $request_uri $x_frame_options_headers {
  default                 SAMEORIGIN;
  # Matching WordPress embed page, ie. https://example.com/my-post/embed#?secret=vLi4CQcWkH
  ~/embed                 "";
}

# Don't allow the browser to render the page inside an frame or iframe
add_header X-Frame-Options $x_frame_options_headers;
Embedding Demo