Note that on HTTPS pages the X-Frame-Options header is sometimes not sent when only the headers are requested, even though the header is there. Always perform both checks.

Checking:

Result

Header X-Frame-Options found.
The header is set to SAMEORIGIN. You are on a different domain and therefore this page can NOT be included.


Header for: https://Neurodiverse.ToastmastersClubs.Org
HTTP/1.1 200 OK
Date: Sat, 28 Mar 2026 12:03:25 GMT
Server: Apache/2.4.66 (Amazon Linux) OpenSSL/3.2.2 mod_fcgid/2.3.9
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, pre-check=0, post-check=0
Pragma: no-cache
X-UA-Compatible: IE=edge, chrome=1
X-Frame-Options: SAMEORIGIN
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Permissions-Policy: camera=(), microphone=(), geolocation=(), fullscreen=(self)
Cache-Control: max-age=2592000
Expires: Mon, 27 Apr 2026 12:03:25 GMT
Vary: Accept-Encoding,User-Agent
Content-Type: text/html; charset=utf-8



Check whether a frame killer script is on the remote page. If you see the iframe below, it works. If you click and see the other page full screen, a frame killer script is running and you cannot include the page.
