Note that on HTTPS pages the X-Frame-Options header sometimes seems to be missing from the response when only the headers are requested, even though the page does send it. Always perform both checks.

Checking:

Result

Header X-Frame-Options found.
The header is set to SAMEORIGIN. You are on a different domain and therefore this page can NOT be included.

Header for: https://Neurodiverse.ToastmastersClubs.Org
HTTP/2 200
cache-control: max-age=0, no-cache, no-store, must-revalidate, pre-check=0, post-check=0
pragma: no-cache
expires: 0
x-ua-compatible: IE=edge, chrome=1
vary: Accept-Encoding,User-Agent
x-frame-options: SAMEORIGIN
content-type: text/html; charset=utf-8
date: Sun, 27 Jul 2025 04:32:26 GMT
server: Apache/2.4.61 (Amazon) OpenSSL/1.0.2k-fips mod_fcgid/2.3.9 mod_perl/2.0.7 Perl/v5.16.3



Check whether a frame killer script is on the remote page. If you see the iframe below, framing works. If you click and the other page opens full screen, a frame killer script is running and you cannot include the page.

Checked 43808 URLs so far.