Support
Support
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Firefox: Allow user to disable external embedded websites protection.

GamingNerdLeith
Strollin' around
‎04-05-2026 01:30 PM
Status: New idea

Firefox: Allow user to disable external embedded websites protection.

Suggestion:

It would be very helpful if the browser’s anti-clickjacking protection, specifically the feature that prevents websites from being embedded in other pages using mechanisms like X-Frame-Options or Content Security Policy (CSP), were user-configurable. Now, I understand the purpose of this restriction. It helps prevent clickjacking attacks by blocking embedded content from external sites. However, this limitation can also cause certain websites to break or become unusable especially if you can not open the page in a new window, like the help article suggests.

I suggest adding a clear and easily accessible toggle within the settings menu, such as in the shield or lock icon panel, allowing users to enable or disable this protection when needed. While the browser’s built-in security measures are appreciated, users should have the flexibility to choose which protections remain active. A dedicated section outlining all security features, with default settings enabled, would improve transparency and usability. Additionally, offering both global controls and per-site overrides (based on domains and subdomains) would provide more precise control over the browsing experience.

Reason:

I keep encountering the following error:

Firefox Can’t Open This Page

To protect your security, example.com will not allow Firefox to display the page if another site has embedded it. To see this page, you need to open it in a new window.



Comment
4 Comments
Status changed to: New idea
Jon
Community Manager
Community Manager
‎05-05-2026 12:00 AM
‎05-05-2026 12:00 AM

Thanks for submitting an idea to the Mozilla Connect community! Your idea is now open to votes (aka kudos) and comments.

siffemcon
Collaborator
‎05-05-2026 12:10 AM
‎05-05-2026 12:10 AM

Pretty sure Mozilla will never provide that sort of option. If you want to risk it, there is an add-on to work around it: https://addons.mozilla.org/en-US/firefox/addon/ignore-x-frame-options-header/.

Agentvirtuel
Collaborator
‎05-05-2026 12:40 AM
‎05-05-2026 12:40 AM

Hello

To complement, for demonstration purposes, Ignore X-Frame-Options Header
https://www.youtube.com/watch?v=CpSx1IQkhsw

GamingNerdLeith
Strollin' around
‎22-05-2026 12:03 PM
‎22-05-2026 12:03 PM

What I’m suggesting here is that Firefox should include an option (with protection enabled by default) to disable anti-clickjacking protection, rather than forcing users to rely on third-party add-ons if they want to turn it off. Users should always have the flexibility to decide which protections remain enabled, and if disabling a feature carries risks, they should be clearly informed so they can make an informed decision, especially when those protections may interfere with the functionality of certain websites.

I’m not suggesting that the protection should be removed, since that would clearly be a bad idea.

Instead, I’m suggesting that Firefox provide a dedicated protection settings page, ideally accessible from a convenient location such as the shield or lock icon panel, where all protections are listed and can be managed individually (with both both global controls and per-site overrides). This would allow users to disable specific protections when an older or poorly coded website breaks due to certain protection implementations.

 
Copyright © 2026 Khoros, LLC