HTML Embed <iframe> with *.webflow.io projects is not possible on Ecommerce Hosting

When attempting to showcase completed websites within an < iframe > tag inside an HTML Embed an error returns: *.webflow.io refused to connect.

<iframe sandbox="allow-scripts" src="https://tgcengineering.webflow.io/" allowfullscreen="true"></iframe>

Goal:
Showcase completed (*.webflow.io) projects on an Ecommerce Hosted Webflow Project using iframes.

Problem:
Ecommerce Hosting enforces secure frame headers. From the visible element at the published custom domain, the following error is returned: *.webflow.io refused to connect.
It does however function from the published *.webflow.io address.

Info:
Ecommerce Hosted Webflow Project with a Custom Domain and SSL + Secure Frame Headers active - all security features must remain!

Notes:
My best guess is that this same line of code that enforces secure iframe headers for the website itself may be preventing our showcased works from loading as iframes. I therefore am stuck with the identical problem to a, b, c, d, e, f… Etc. And, with no functioning resolution/workaround.

I have also inspected moz://a and found no way to work around webflows Ecommerce implementation of X-Frame-Options


After scouring the Webflow Forums and several identical unsolved posts. I hereby humbly request guidance from the webflow vets: @PixelGeek @jorn @brryant @cyberdave @vincent

Please help us put this issue to rest.

You can’t embed a .Webflow.io site, it’s a restricition.

Thanks for your response @vincent it is much appreciated.

Might it be possible to iframe completed sites if i export them to sub domains and use
X-Frame-Options: SAMEORIGIN

(Exported to the same domains (subdomains) with SSL and modified X-Frame-Options in .html files)

Will this get me around the secure frame headers of Ecommerce Hosting?

It’s just embedding something hosted on the .Webflow.io domain only that is forbidden. That’s to prevent abuses. Anything else works, yes.

2 Likes

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.